Parse is the initial entry point for all extended modules. All validation checks and processing will be performed here. The function input types are limited to strings and therefore require additional processing.
(options map[string]string)
| 39 | // Parse is the initial entry point for all extended modules. All validation checks and processing will be performed here |
| 40 | // The function input types are limited to strings and therefore require additional processing |
| 41 | func Parse(options map[string]string) ([]string, error) { |
| 42 | // 1. Check to make sure all of the arguments are there |
| 43 | // 2. Check each argument |
| 44 | // "commands": [{{dll.Value}}", "{{clearHeader.Value}}", "{{function.Value}}", "{{args.Value}}", "{{pid.Value}}", "{{method.Value}}"] |
| 45 | |
| 46 | if len(options) != 6 { |
| 47 | return nil, fmt.Errorf("6 arguments were expected, %d were provided", len(options)) |
| 48 | } |
| 49 | |
| 50 | // Check to make sure DLL file exists at provided path |
| 51 | _, err := os.Stat(options["dll"]) |
| 52 | if os.IsNotExist(err) { |
| 53 | return nil, fmt.Errorf("the provided directory does not exist: %s", options["dll"]) |
| 54 | } |
| 55 | // Convert clearHeader to bool |
| 56 | clearHeader, errClear := strconv.ParseBool(options["clearHeader"]) |
| 57 | if errClear != nil { |
| 58 | return nil, fmt.Errorf("there was an error parsing %s to boolean:\r\n%s", options["clearHeader"], errClear.Error()) |
| 59 | } |
| 60 | |
| 61 | // Convert PID to integer |
| 62 | if options["pid"] != "" { |
| 63 | _, errPid := strconv.Atoi(options["pid"]) |
| 64 | if errPid != nil { |
| 65 | return nil, fmt.Errorf("there was an error converting the PID to an integer:\r\n%s", errPid.Error()) |
| 66 | } |
| 67 | } |
| 68 | |
| 69 | if strings.ToLower(options["method"]) != "self" && options["pid"] == "" { |
| 70 | return nil, fmt.Errorf("a valid PID must be provided for any method except self") |
| 71 | } |
| 72 | |
| 73 | // Verify Method is a valid type |
| 74 | var method string |
| 75 | switch strings.ToLower(options["method"]) { |
| 76 | case "self": |
| 77 | method = "self" |
| 78 | case "remote": |
| 79 | method = "remote" |
| 80 | case "rtlcreateuserthread": |
| 81 | method = "RtlCreateUserThread" |
| 82 | case "userapc": |
| 83 | method = "UserAPC" |
| 84 | default: |
| 85 | return nil, fmt.Errorf("invlaid shellcode execution method: %s", method) |
| 86 | |
| 87 | } |
| 88 | // TODO add types as constant or list in shellcode.go |
| 89 | |
| 90 | sc, errShellcode := dllToReflectiveShellcode(options["dll"], options["function"], clearHeader, options["args"]) |
| 91 | if errShellcode != nil { |
| 92 | return nil, errShellcode |
| 93 | } |
| 94 | b64 := base64.StdEncoding.EncodeToString(sc) |
| 95 | command, errCommand := shellcode.GetJob(method, b64, options["pid"]) |
| 96 | if errCommand != nil { |
| 97 | return nil, fmt.Errorf("there was an error getting the shellcode job:\r\n%s", errCommand.Error()) |
| 98 | } |