run as user
This commit is contained in:
wh1te909
@@ -162,7 +162,7 @@ func NewAgentConfig() *rmm.AgentConfig {
|
||||
return ret
|
||||
}
|
||||
|
||||
func (a *Agent) RunScript(code string, shell string, args []string, timeout int) (stdout, stderr string, exitcode int, e error) {
|
||||
func (a *Agent) RunScript(code string, shell string, args []string, timeout int, runasuser bool) (stdout, stderr string, exitcode int, e error) {
|
||||
code = removeWinNewLines(code)
|
||||
content := []byte(code)
|
||||
|
||||
@@ -507,7 +507,7 @@ func (a *Agent) installMesh(meshbin, exe, proxy string) (string, error) {
|
||||
return "not implemented", nil
|
||||
}
|
||||
|
||||
func CMDShell(shell string, cmdArgs []string, command string, timeout int, detached bool) (output [2]string, e error) {
|
||||
func CMDShell(shell string, cmdArgs []string, command string, timeout int, detached bool, runasuser bool) (output [2]string, e error) {
|
||||
return [2]string{"", ""}, nil
|
||||
}
|
||||
|
||||
|
||||
@@ -30,6 +30,7 @@ import (
|
||||
|
||||
rmm "github.com/amidaware/rmmagent/shared"
|
||||
ps "github.com/elastic/go-sysinfo"
|
||||
"github.com/fourcorelabs/wintoken"
|
||||
"github.com/go-ole/go-ole"
|
||||
"github.com/go-ole/go-ole/oleutil"
|
||||
"github.com/go-resty/resty/v2"
|
||||
@@ -81,7 +82,7 @@ func NewAgentConfig() *rmm.AgentConfig {
|
||||
}
|
||||
}
|
||||
|
||||
func (a *Agent) RunScript(code string, shell string, args []string, timeout int) (stdout, stderr string, exitcode int, e error) {
|
||||
func (a *Agent) RunScript(code string, shell string, args []string, timeout int, runasuser bool) (stdout, stderr string, exitcode int, e error) {
|
||||
|
||||
content := []byte(code)
|
||||
|
||||
@@ -143,8 +144,16 @@ func (a *Agent) RunScript(code string, shell string, args []string, timeout int)
|
||||
ctx, cancel := context.WithTimeout(context.Background(), time.Duration(timeout)*time.Second)
|
||||
defer cancel()
|
||||
|
||||
var timedOut bool = false
|
||||
var timedOut = false
|
||||
cmd := exec.Command(exe, cmdArgs...)
|
||||
if runasuser {
|
||||
token, err := wintoken.GetInteractiveToken(wintoken.TokenLinked)
|
||||
if err != nil {
|
||||
return "", err.Error(), 66, err
|
||||
}
|
||||
defer token.Close()
|
||||
cmd.SysProcAttr = &syscall.SysProcAttr{Token: syscall.Token(token.Token()), HideWindow: true}
|
||||
}
|
||||
cmd.Stdout = &outb
|
||||
cmd.Stderr = &errb
|
||||
|
||||
@@ -230,7 +239,7 @@ func CMD(exe string, args []string, timeout int, detached bool) (output [2]strin
|
||||
return [2]string{CleanString(outb.String()), CleanString(errb.String())}, nil
|
||||
}
|
||||
|
||||
func CMDShell(shell string, cmdArgs []string, command string, timeout int, detached bool) (output [2]string, e error) {
|
||||
func CMDShell(shell string, cmdArgs []string, command string, timeout int, detached bool, runasuser bool) (output [2]string, e error) {
|
||||
var (
|
||||
outb bytes.Buffer
|
||||
errb bytes.Buffer
|
||||
@@ -241,6 +250,8 @@ func CMDShell(shell string, cmdArgs []string, command string, timeout int, detac
|
||||
ctx, cancel := context.WithTimeout(context.Background(), time.Duration(timeout)*time.Second)
|
||||
defer cancel()
|
||||
|
||||
sysProcAttr := &windows.SysProcAttr{}
|
||||
|
||||
if len(cmdArgs) > 0 && command == "" {
|
||||
switch shell {
|
||||
case "cmd":
|
||||
@@ -254,9 +265,7 @@ func CMDShell(shell string, cmdArgs []string, command string, timeout int, detac
|
||||
switch shell {
|
||||
case "cmd":
|
||||
cmd = exec.Command("cmd.exe")
|
||||
cmd.SysProcAttr = &windows.SysProcAttr{
|
||||
CmdLine: fmt.Sprintf("cmd.exe /C %s", command),
|
||||
}
|
||||
sysProcAttr.CmdLine = fmt.Sprintf("cmd.exe /C %s", command)
|
||||
case "powershell":
|
||||
cmd = exec.Command("Powershell", "-NonInteractive", "-NoProfile", command)
|
||||
}
|
||||
@@ -264,10 +273,20 @@ func CMDShell(shell string, cmdArgs []string, command string, timeout int, detac
|
||||
|
||||
// https://docs.microsoft.com/en-us/windows/win32/procthread/process-creation-flags
|
||||
if detached {
|
||||
cmd.SysProcAttr = &windows.SysProcAttr{
|
||||
CreationFlags: windows.DETACHED_PROCESS | windows.CREATE_NEW_PROCESS_GROUP,
|
||||
}
|
||||
sysProcAttr.CreationFlags = windows.DETACHED_PROCESS | windows.CREATE_NEW_PROCESS_GROUP
|
||||
}
|
||||
|
||||
if runasuser {
|
||||
token, err := wintoken.GetInteractiveToken(wintoken.TokenLinked)
|
||||
if err != nil {
|
||||
return [2]string{"", CleanString(err.Error())}, err
|
||||
}
|
||||
defer token.Close()
|
||||
sysProcAttr.Token = syscall.Token(token.Token())
|
||||
sysProcAttr.HideWindow = true
|
||||
}
|
||||
|
||||
cmd.SysProcAttr = sysProcAttr
|
||||
cmd.Stdout = &outb
|
||||
cmd.Stderr = &errb
|
||||
cmd.Start()
|
||||
@@ -449,7 +468,7 @@ func (a *Agent) PlatVer() (string, error) {
|
||||
func EnablePing() {
|
||||
args := make([]string, 0)
|
||||
cmd := `netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allow`
|
||||
_, err := CMDShell("cmd", args, cmd, 10, false)
|
||||
_, err := CMDShell("cmd", args, cmd, 10, false, false)
|
||||
if err != nil {
|
||||
fmt.Println(err)
|
||||
}
|
||||
@@ -470,7 +489,7 @@ func EnableRDP() {
|
||||
|
||||
args := make([]string, 0)
|
||||
cmd := `netsh advfirewall firewall set rule group="remote desktop" new enable=Yes`
|
||||
_, cerr := CMDShell("cmd", args, cmd, 10, false)
|
||||
_, cerr := CMDShell("cmd", args, cmd, 10, false, false)
|
||||
if cerr != nil {
|
||||
fmt.Println(cerr)
|
||||
}
|
||||
@@ -497,15 +516,15 @@ func DisableSleepHibernate() {
|
||||
wg.Add(1)
|
||||
go func(c string) {
|
||||
defer wg.Done()
|
||||
_, _ = CMDShell("cmd", args, fmt.Sprintf("powercfg /set%svalueindex scheme_current sub_buttons lidaction 0", c), 5, false)
|
||||
_, _ = CMDShell("cmd", args, fmt.Sprintf("powercfg /x -standby-timeout-%s 0", c), 5, false)
|
||||
_, _ = CMDShell("cmd", args, fmt.Sprintf("powercfg /x -hibernate-timeout-%s 0", c), 5, false)
|
||||
_, _ = CMDShell("cmd", args, fmt.Sprintf("powercfg /x -disk-timeout-%s 0", c), 5, false)
|
||||
_, _ = CMDShell("cmd", args, fmt.Sprintf("powercfg /x -monitor-timeout-%s 0", c), 5, false)
|
||||
_, _ = CMDShell("cmd", args, fmt.Sprintf("powercfg /set%svalueindex scheme_current sub_buttons lidaction 0", c), 5, false, false)
|
||||
_, _ = CMDShell("cmd", args, fmt.Sprintf("powercfg /x -standby-timeout-%s 0", c), 5, false, false)
|
||||
_, _ = CMDShell("cmd", args, fmt.Sprintf("powercfg /x -hibernate-timeout-%s 0", c), 5, false, false)
|
||||
_, _ = CMDShell("cmd", args, fmt.Sprintf("powercfg /x -disk-timeout-%s 0", c), 5, false, false)
|
||||
_, _ = CMDShell("cmd", args, fmt.Sprintf("powercfg /x -monitor-timeout-%s 0", c), 5, false, false)
|
||||
}(i)
|
||||
}
|
||||
wg.Wait()
|
||||
_, _ = CMDShell("cmd", args, "powercfg -S SCHEME_CURRENT", 5, false)
|
||||
_, _ = CMDShell("cmd", args, "powercfg -S SCHEME_CURRENT", 5, false, false)
|
||||
}
|
||||
|
||||
// NewCOMObject creates a new COM object for the specifed ProgramID.
|
||||
@@ -645,7 +664,7 @@ Add-MpPreference -ExclusionPath 'C:\Windows\Temp\tacticalagent-v*.exe'
|
||||
Add-MpPreference -ExclusionPath 'C:\Windows\Temp\trmm\*'
|
||||
Add-MpPreference -ExclusionPath 'C:\Program Files\Mesh Agent\*'
|
||||
`
|
||||
_, _, _, err := a.RunScript(code, "powershell", []string{}, 20)
|
||||
_, _, _, err := a.RunScript(code, "powershell", []string{}, 20, false)
|
||||
if err != nil {
|
||||
a.Logger.Debugln(err)
|
||||
}
|
||||
|
||||
@@ -169,7 +169,7 @@ type ScriptCheckResult struct {
|
||||
// ScriptCheck runs either bat, powershell or python script
|
||||
func (a *Agent) ScriptCheck(data rmm.Check, r *resty.Client) {
|
||||
start := time.Now()
|
||||
stdout, stderr, retcode, _ := a.RunScript(data.Script.Code, data.Script.Shell, data.ScriptArgs, data.Timeout)
|
||||
stdout, stderr, retcode, _ := a.RunScript(data.Script.Code, data.Script.Shell, data.ScriptArgs, data.Timeout, data.Script.RunAsUser)
|
||||
|
||||
payload := ScriptCheckResult{
|
||||
ID: data.CheckPK,
|
||||
|
||||
@@ -42,7 +42,7 @@ func (a *Agent) InstallChoco() {
|
||||
return
|
||||
}
|
||||
|
||||
_, _, exitcode, err := a.RunScript(string(r.Body()), "powershell", []string{}, 900)
|
||||
_, _, exitcode, err := a.RunScript(string(r.Body()), "powershell", []string{}, 900, false)
|
||||
if err != nil {
|
||||
a.Logger.Debugln(err)
|
||||
a.rClient.R().SetBody(result).Post(url)
|
||||
|
||||
@@ -40,6 +40,7 @@ type NatsMsg struct {
|
||||
PatchMgmt bool `json:"patch_mgmt"`
|
||||
ID int `json:"id"`
|
||||
Code string `json:"code"`
|
||||
RunAsUser bool `json:"run_as_user"`
|
||||
}
|
||||
|
||||
var (
|
||||
@@ -177,7 +178,7 @@ func (a *Agent) RunRPC() {
|
||||
|
||||
switch runtime.GOOS {
|
||||
case "windows":
|
||||
out, _ := CMDShell(p.Data["shell"], []string{}, p.Data["command"], p.Timeout, false)
|
||||
out, _ := CMDShell(p.Data["shell"], []string{}, p.Data["command"], p.Timeout, false, p.RunAsUser)
|
||||
a.Logger.Debugln(out)
|
||||
if out[1] != "" {
|
||||
ret.Encode(out[1])
|
||||
@@ -257,7 +258,7 @@ func (a *Agent) RunRPC() {
|
||||
var resultData rmm.RunScriptResp
|
||||
ret := codec.NewEncoderBytes(&resp, new(codec.MsgpackHandle))
|
||||
start := time.Now()
|
||||
stdout, stderr, retcode, err := a.RunScript(p.Data["code"], p.Data["shell"], p.ScriptArgs, p.Timeout)
|
||||
stdout, stderr, retcode, err := a.RunScript(p.Data["code"], p.Data["shell"], p.ScriptArgs, p.Timeout, p.RunAsUser)
|
||||
resultData.ExecTime = time.Since(start).Seconds()
|
||||
resultData.ID = p.ID
|
||||
|
||||
@@ -287,7 +288,7 @@ func (a *Agent) RunRPC() {
|
||||
var retData rmm.RunScriptResp
|
||||
ret := codec.NewEncoderBytes(&resp, new(codec.MsgpackHandle))
|
||||
start := time.Now()
|
||||
stdout, stderr, retcode, err := a.RunScript(p.Data["code"], p.Data["shell"], p.ScriptArgs, p.Timeout)
|
||||
stdout, stderr, retcode, err := a.RunScript(p.Data["code"], p.Data["shell"], p.ScriptArgs, p.Timeout, p.RunAsUser)
|
||||
|
||||
retData.ExecTime = time.Since(start).Seconds()
|
||||
if err != nil {
|
||||
|
||||
@@ -59,7 +59,7 @@ func (a *Agent) RunTask(id int) error {
|
||||
|
||||
action_start := time.Now()
|
||||
if action.ActionType == "script" {
|
||||
stdout, stderr, retcode, err := a.RunScript(action.Code, action.Shell, action.Args, action.Timeout)
|
||||
stdout, stderr, retcode, err := a.RunScript(action.Code, action.Shell, action.Args, action.Timeout, action.RunAsUser)
|
||||
|
||||
if err != nil {
|
||||
a.Logger.Debugln(err)
|
||||
@@ -83,7 +83,7 @@ func (a *Agent) RunTask(id int) error {
|
||||
|
||||
} else if action.ActionType == "cmd" {
|
||||
// out[0] == stdout, out[1] == stderr
|
||||
out, err := CMDShell(action.Shell, []string{}, action.Command, action.Timeout, false)
|
||||
out, err := CMDShell(action.Shell, []string{}, action.Command, action.Timeout, false, action.RunAsUser)
|
||||
|
||||
if err != nil {
|
||||
a.Logger.Debugln(err)
|
||||
|
||||
Reference in New Issue
Block a user