-
Notifications
You must be signed in to change notification settings - Fork 15
Post Module Methods
When writing a post-exploitation module in Wiregost, you will need to interact with an implant session,
and send commands to it.
All implant commands available in the console thus have their equivalent function in a Post Module.
Some functions are also specific to modules, such as GetSession() which selects a session
for the module to interact with.
All functions have a GoDoc comment, so you can browse them with the GoToDefinition and other utilities available to you code editor.
First, some general functions are available:
func (m *Post) GetSession() (err error)This function finds the session with the m.Options["Session"] option.
It returns an error if either the session hasn't the OS/arch required by the
module, or if the Session name provided does not correspond to a connected implant.
func (m *Module) CheckRequiredOptions() (ok bool, err error)Checks that all required options for the Module have a value
func (m *Module) Event(event string)Sends an event back to console. Useful to give detailed status of the module when running.
func (m *Module) Asset(path string) (filePath string, err error)You can copy any amount of non-Go source files in your package
directory (as said here).
When compiling the C2 Server, it will automatically pack all the files.
You can access any of these files, anywhere in you package directory tree, by using this function.
For example, if you have a bash script in src/mimipenguin.sh, you can point to it like this:
m.Asset("src/mimipenguin.sh").
Once you have called the GetSession() method in your module, you have now access to the module's Session
object.
Thus you have access to all variables stored in it: username, hostname, remote address, PID, UID, and some others.
In order to use these values, just do m.Session.Username, or m.Session.ID, or m.Session.RemoteAddress, etc...
All post-exploitation functions are listed below, by category. Please check the codebase, or try writing a module and browse these functions with some GoToDefinition features in your editor. This is a list of these functions.
Some of these functions involve a slightly more complex process and more actions, so they already integrate m.Event() functions, that will send back status messages to the console.
(All these functions are actually methods of the Post type, we ommit here to show the receiver)
Upload(src string, path string, timeout time.Duration) (result string, err error)
Download(lpath string, rpath string, timeout time.Duration) (result string, err error)
Remove(path string, timeout time.Duration) (result string, err error)
ChangeDirectory(dir string, timeout time.Duration) (result string, err error)
ListDirectory(path string, timeout time.Duration) (files []*ghostpb.FileInfo, err error)Ps(timeout time.Duration) (procs []*ghostpb.Process, err error)
Terminate(pid int, timeout time.Duration) (result string, err error)
GetPIDByName(name string, timeout time.Duration) (pid int, err error)
Migrate(pid int, timeout time.Duration) (result string, err error)
ProcDump(pid int, timeout time.Duration) (tmp string, err error) RunAs(username, process string, args []string, timeout time.Duration) (result string, err error)
Impersonate(username string, timeout time.Duration) (result string, err error)
Rev2Self(timeout time.Duration) (result string, err error)
GetSystem(process string, timeout time.Duration) (result string, err error) Execute(path string, args []string, timeout time.Duration) (result string, err error)
ExecuteAssembly(dll, process string, args []string, timeout time.Duration) (result string, err error)
ExecuteShellcode(shellcodePath string, pid int, rwxPages bool, timeout time.Duration) (result string, err error)
SideloadDLL(dll, entryPoint, process string, args []string, timeout time.Duration) (result string, err error)
SpawnDLL(dll, export, process string, args []string, timeout time.Duration) (result string, err error)
InjectMSFPayload(payload, lhost string, lport int, pid int, encoder string, iters int, timeout time.Duration) (result string, err error)