MCPcopy
hub / github.com/Ne0nd0g/merlin / Parse

Function Parse

pkg/modules/srdi/srdi.go:41–101  ·  view source on GitHub ↗

Parse is the initial entry point for all extended modules. All validation checks and processing will be performed here The function input types are limited to strings and therefore require additional processing

(options map[string]string)

Source from the content-addressed store, hash-verified

39// Parse is the initial entry point for all extended modules. All validation checks and processing will be performed here
40// The function input types are limited to strings and therefore require additional processing
41func Parse(options map[string]string) ([]string, error) {
42 // 1. Check to make sure all of the arguments are there
43 // 2. Check each argument
44 // "commands": [{{dll.Value}}", "{{clearHeader.Value}}", "{{function.Value}}", "{{args.Value}}", "{{pid.Value}}", "{{method.Value}}"]
45
46 if len(options) != 6 {
47 return nil, fmt.Errorf("6 arguments were expected, %d were provided", len(options))
48 }
49
50 // Check to make sure DLL file exists at provided path
51 _, err := os.Stat(options["dll"])
52 if os.IsNotExist(err) {
53 return nil, fmt.Errorf("the provided directory does not exist: %s", options["dll"])
54 }
55 // Convert clearHeader to bool
56 clearHeader, errClear := strconv.ParseBool(options["clearHeader"])
57 if errClear != nil {
58 return nil, fmt.Errorf("there was an error parsing %s to boolean:\r\n%s", options["clearHeader"], errClear.Error())
59 }
60
61 // Convert PID to integer
62 if options["pid"] != "" {
63 _, errPid := strconv.Atoi(options["pid"])
64 if errPid != nil {
65 return nil, fmt.Errorf("there was an error converting the PID to an integer:\r\n%s", errPid.Error())
66 }
67 }
68
69 if strings.ToLower(options["method"]) != "self" && options["pid"] == "" {
70 return nil, fmt.Errorf("a valid PID must be provided for any method except self")
71 }
72
73 // Verify Method is a valid type
74 var method string
75 switch strings.ToLower(options["method"]) {
76 case "self":
77 method = "self"
78 case "remote":
79 method = "remote"
80 case "rtlcreateuserthread":
81 method = "RtlCreateUserThread"
82 case "userapc":
83 method = "UserAPC"
84 default:
85 return nil, fmt.Errorf("invlaid shellcode execution method: %s", method)
86
87 }
88 // TODO add types as constant or list in shellcode.go
89
90 sc, errShellcode := dllToReflectiveShellcode(options["dll"], options["function"], clearHeader, options["args"])
91 if errShellcode != nil {
92 return nil, errShellcode
93 }
94 b64 := base64.StdEncoding.EncodeToString(sc)
95 command, errCommand := shellcode.GetJob(method, b64, options["pid"])
96 if errCommand != nil {
97 return nil, fmt.Errorf("there was an error getting the shellcode job:\r\n%s", errCommand.Error())
98 }

Callers 1

getExtendedCommandFunction · 0.92

Calls 3

GetJobFunction · 0.92
dllToReflectiveShellcodeFunction · 0.85
ErrorMethod · 0.80

Tested by

no test coverage detected