emp3r0r

emp3r0r 脚本分析

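# release or debug
arg1="$1"

#######################################
# Stage the build outputs and support files, then tar them up.
# Called only after a successful build. Callers wrap it in a subshell so
# the cd to /tmp does not leak into the caller's cwd.
# Globals:   pwd (read)  - repository root
#            temp (read) - staging directory the build wrote into
# Returns:   exits via error on the first failed copy
#######################################
archive_build() {
  info "Preparing to archive files"
  cd /tmp || error "Cannot cd to /tmp"
  cp -aR "$pwd/tmux" "$temp" || error "cp tmux"
  cp -aR "$pwd/modules" "$temp" || error "cp modules"
  cp -aR "$pwd/emp3r0r" "$temp" || error "cp emp3r0r"
  create_tar
}

case "$1" in
--release)
  # stripped build, then archive; both run in subshells so our cwd is untouched
  (build) && (archive_build)
  ;;

--debug)
  # same flow, but the build keeps its symbols
  (build --debug) && (archive_build)
  ;;

--build)
  # build only; if build fails the script ends with build's non-zero status
  (build) && exit 0
  ;;

--uninstall)
  (uninstall) || error "uninstall failed"
  exit 0
  ;;

--install)
  (install) || error "install failed"
  exit 0
  ;;

*)
  # no flag given: run the installed CC.
  # find prefix, either /usr or /usr/local
  # NOTE(review): prefix is expected to be initialised before this point
  # (presumably to /usr/local) — confirm in the script header
  if ! test -e "$prefix/lib/emp3r0r/emp3r0r-cc"; then
    # if not found in /usr/local then set to /usr
    prefix="/usr"
    if ! test -e "$prefix/lib/emp3r0r/emp3r0r-cc"; then
      # if still nothing, abort
      error "emp3r0r not installed"
    fi
  fi
  export EMP3R0R_PREFIX="$prefix" # emp3r0r-cc will read this
  data_dir="$prefix/lib/emp3r0r"
  cc="$data_dir/emp3r0r-cc"
  [[ -z "$HOME" ]] && error "HOME not set"
  workspace="$HOME/.emp3r0r"

  # workspace is ~/.emp3r0r
  # ------------------
  [[ -d "$workspace" ]] || mkdir -p "$workspace"
  cd "$workspace" || error "Failed to enter $workspace"

  # Run C2 server with tmux UI
  # --------------------------
  if ! command -v tmux >/dev/null 2>&1; then
    error "tmux not found"
  fi

  tmux_conf="$data_dir/tmux/.tmux.conf"
  [[ -f "$tmux_conf" ]] || error "$tmux_conf not found"

  # helper scripts for tmux status line; copied once into the workspace
  [[ -d "$workspace/sh" ]] || cp -r "$data_dir/tmux/sh" "$workspace" || error "copy tmux scripts"

  if [[ -z "$TMUX" ]]; then
    # not inside tmux: create a session with our config file and run cc in it.
    # "$@" still holds every argument the script was given.
    tmux -f "$tmux_conf" new-session -A -s emp3r0r -n cc "$cc" "$@" || error "$0 must be run in tmux"
    exit
  fi

  # already inside a tmux session: rename, source our config file, run cc here
  tmux rename-window cc
  tmux rename-session emp3r0r
  tmux source-file "$tmux_conf"
  "$cc" "$@"
  ;;

esac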

该脚本的功能十分强大,既可以通过它进行安装,也可以用它发布版本。

--release)
(build) && (
info "Preparing to archive files"
cd /tmp || error "Cannot cd to /tmp"
cp -aR "$pwd/tmux" "$temp" || error "cp tmux"
cp -aR "$pwd/modules" "$temp" || error "cp modules"
cp -aR "$pwd/emp3r0r" "$temp" || error "cp emp3r0r"
create_tar
)

从release 出发

先执行了一个build函数


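#######################################
# Build the CC, cat and listener binaries plus every agent stub and shared
# object into "$temp".
# Globals:   pwd (read)       - repository root, holds cmd/*
#            temp (read)      - output directory
#            magic_str (read) - value baked into def.MagicString
#            ldflags, gobuild_cmd, build_opt (written; left global on
#            purpose because functions defined elsewhere in this file may
#            read them — TODO confirm before making them local)
# Arguments: $1 - "--debug" keeps symbols; anything else builds stripped
# Returns:   exits via error on the first failed step
#######################################
build() {
  # build
  # -----
  # only the exit status matters; discard the path command -v would print
  command -v go >/dev/null 2>&1 || error "You need to set up Go first"
  go mod tidy || error "go mod tidy"

  # Check for zig installation
  check_zig

  # read the version first so a failing get_version is not masked inside
  # the string concatenation
  local ver
  ver=$(get_version) || error "get_version"

  ldflags="-v -X 'github.com/jm33-m0/emp3r0r/core/internal/def.MagicString=$magic_str'"
  ldflags+=" -X 'github.com/jm33-m0/emp3r0r/core/internal/def.Version=$ver'"
  # both modes build with plain `go build`; the assignments were identical
  # in each branch, so they are hoisted out of it
  gobuild_cmd="go"
  build_opt="build"
  if [[ "$1" != "--debug" ]]; then
    # release: strip the symbol table (-s) and DWARF info (-w)
    ldflags+=" -s -w"
    # info "Setting up garble"
    # go install mvdan.cc/garble@latest || error "Failed to install garble"
  fi

  # host-side binaries. Each { } group runs in this shell, so the cd
  # persists; every cd is anchored on $pwd (the CC one used to be a
  # relative `cd cmd/cc`, which depended on the caller's cwd).
  info "Building CC"
  {
    cd "$pwd/cmd/cc" && CGO_ENABLED=0 go build -o "$temp/cc.exe" -ldflags="$ldflags"
  } || error "build cc"
  info "Building cat"
  {
    cd "$pwd/cmd/cat" && CGO_ENABLED=0 go build -o "$temp/cat.exe" -ldflags="$ldflags"
  } || error "build cat"
  info "Building listener"
  {
    cd "$pwd/cmd/listener" && CGO_ENABLED=0 go build -o "$temp/listener.exe" -ldflags="$ldflags"
  } || error "build listener"

  # agent stubs: args are GOARCH, GOOS, output name
  # Linux
  build_agent_stub "amd64" "linux" "stub-amd64"
  build_agent_stub "386" "linux" "stub-386"
  build_agent_stub "arm" "linux" "stub-arm"
  build_agent_stub "arm64" "linux" "stub-arm64"
  build_agent_stub "mips" "linux" "stub-mips"
  build_agent_stub "mips64" "linux" "stub-mips64"
  build_agent_stub "riscv64" "linux" "stub-riscv64"
  build_agent_stub "ppc64" "linux" "stub-ppc64"

  # Windows
  build_agent_stub "amd64" "windows" "stub-win-amd64"
  build_agent_stub "386" "windows" "stub-win-386"
  build_agent_stub "arm64" "windows" "stub-win-arm64"

  # Shared Objects
  build_shared_object "amd64" "windows" "stub-win-amd64.dll"
  build_shared_object "386" "windows" "stub-win-386.dll"
  build_shared_object "arm64" "windows" "stub-win-arm64.dll"
  build_shared_object "amd64" "linux" "stub-amd64.so"
  build_shared_object "386" "linux" "stub-386.so"
  build_shared_object "arm" "linux" "stub-arm.so"
  build_shared_object "riscv64" "linux" "stub-riscv64.so"

  # error: https://github.com/golang/go/issues/22040
  # build_shared_object "arm64" "linux" "stub-arm64.so"
}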

模块

从哪里可以获取有哪些模块?

  1. 通过在软件中使用ls_modules

    image-20250310182221325

  2. 从代码出发分析

    从上面的 emp3r0r 脚本其实就可以分析得出来,cc 是整个 C2 的 server

    那就从cmd/cc/main 开始看

    image-20250313183403351

    进入到runClientMode

    再进入到operator.CliMain

    // Commands
    mainMenu.SetCommands(Emp3r0rCommands(EMP3R0R_CONSOLE))

    Emp3r0rCommands 里面就是所有的命令

    这里的命令就是help 提示的

    我们的目的就是从调用的关键代码去找功能的实现方式

    image-20250314172650234

    然后可以到

    image-20250314172705597

    image-20250314172726904

    执行当前的module

    这个和正常使用的方式是一样的

    比如我们先use 之后再run这个逻辑

    通过上面的逻辑

    再跟踪

    // run module
    mod := ModuleRunners[live.ActiveModule.Name]
    if mod != nil {
    go mod()
    } else {
    logging.Errorf("Module %s has no runner", strconv.Quote(live.ActiveModule.Name))
    }

    就能找到所有的模块的实现了

    // ModuleRunners a map of module helpers
    ModuleRunners = map[string]func(){
    def.ModCMD_EXEC: moduleCmd,
    def.ModSHELL: moduleShell,
    def.ModPROXY: moduleProxy,
    def.ModPORT_FWD: modulePortFwd,
    def.ModLPE_SUGGEST: moduleLPE,
    def.ModCLEAN_LOG: moduleLogCleaner,
    def.ModPERSISTENCE: modulePersistence,
    def.ModVACCINE: moduleVaccine,
    def.ModINJECTOR: moduleInjector,
    def.ModBring2CC: moduleBring2CC,
    def.ModListener: modListener,
    def.ModSSHHarvester: module_ssh_harvester,
    def.ModDownloader: moduleDownloader,
    def.ModFileServer: moduleFileServer,
    def.ModMemDump: moduleMemDump,
    }

moduleCmd

