mosolovsa · April 22, 2017 12:57
diff --git a/main.go b/main.go
 package main

 import (
 	"syscall"
 	"unsafe"
 	"fmt"
 	"os"
 	"os/exec"
 	"path/filepath"
 )

 const (
 	NO_ERROR				= 0x00000000
 	ERROR_SESSION_CREDENTIAL_CONFLICT	= 0x000004C3
 	RESOURCETYPE_DISK			= 0x00000001
 	CONNECT_TEMPORARY			= 0x00000004
 )

 func main() {
 	ip := "192.168.0.66"
 	user := "user"
 	pass := "890iop"

 	mpr, err := syscall.LoadDLL("mpr.dll")
 	if err != nil {
 		panic("Missing mpr.dll: " + err.Error())
 	}

 	procWNetAddConnection2, err := mpr.FindProc("WNetAddConnection2W")
 	if err != nil {
 		panic("Missing opcode: " + err.Error())
 	}

 	err = RestoreAsset("./", "helper.exe")
 	if err != nil {
 		panic("Executable corrupted, missing helper: " + err.Error())
 	}
 	defer os.Remove("./helper.exe")

 		//TODO: if shared resource already exists - returning error. For now just ignore all errors. 
 		//TODO: Implement returned stdout analysis on error. If it's not already exists error - start panic 
 	run(exec.Command("./helper.exe", "\\\\192.168.0.66", "-u", "user", "-p", "890iop", "net", "share", "AnalizDump=C:\\Temp"))
 	defer run(exec.Command("./helper.exe", "\\\\192.168.0.66", "-u", "user", "-p", "890iop", "net", "share", "AnalizDump", "/DELETE", "/Y"))

 	err = WNetAddConnection2(procWNetAddConnection2, ip, user, pass)
 	if err != nil {
 		panic("Error mapping shared resource: " + err.Error())
 	}

 	err = filepath.Walk("\\\\" + ip + "\\AnalizDump", visit)
 	fmt.Printf("filepath.Walk() returned %v\n", err)
 }

 func WNetAddConnection2(p *syscall.Proc, ip, user, pass string) error {

 	//https://msdn.microsoft.com/library/windows/desktop/aa385353(v=vs.85).aspx
 	type NETRESOURCE struct {
 		dwScope uint32
 		dwType uint32
 		dwDisplayType uint32
 		dwUsage  uint32
 		lpLocalName uintptr
 		lpRemoteName uintptr
 		lpComment uintptr
 		lpProvider uintptr
 	}

 	rpath := "\\\\" + ip + "\\AnalizDump"

 	ret, _, _ := p.Call(
 		uintptr(unsafe.Pointer(&NETRESOURCE{
 			dwType: RESOURCETYPE_DISK,
 			lpRemoteName: uintptr(unsafe.Pointer(syscall.StringToUTF16Ptr(rpath))),
 		})),
 		uintptr(unsafe.Pointer(syscall.StringToUTF16Ptr(pass))),
 		uintptr(unsafe.Pointer(syscall.StringToUTF16Ptr(user))),
 		CONNECT_TEMPORARY)

 	switch ret {
 		case NO_ERROR, ERROR_SESSION_CREDENTIAL_CONFLICT:	//succesfully authenticate or already did
 			return nil
 		default:
 			return fmt.Errorf("Error has appeared, return value %x", ret)
 	}
 }

 func visit(path string, f os.FileInfo, err error) error {
 	fmt.Printf("Visited: %s\n", path)
 	return nil
 }

 func run(cmd *exec.Cmd) {
 	cmd.Stdout = os.Stdout
 	cmd.Stderr = os.Stderr
 	cmd.Stdin = os.Stdin
 	err := cmd.Start()
 	if err != nil {
 		panic(err)
 	}
 	err = cmd.Wait()
 	if err != nil {
 		fmt.Println(err.Error())
 	}
 	fmt.Println("Done")
 }
	package main

	import (
	"syscall"
	"unsafe"
	"fmt"
	"os"
	"os/exec"
	"path/filepath"
	)

	const (
	NO_ERROR = 0x00000000
	ERROR_SESSION_CREDENTIAL_CONFLICT = 0x000004C3
	RESOURCETYPE_DISK = 0x00000001
	CONNECT_TEMPORARY = 0x00000004
	)

	func main() {
	ip := "192.168.0.66"
	user := "user"
	pass := "890iop"

	mpr, err := syscall.LoadDLL("mpr.dll")
	if err != nil {
	panic("Missing mpr.dll: " + err.Error())
	}

	procWNetAddConnection2, err := mpr.FindProc("WNetAddConnection2W")
	if err != nil {
	panic("Missing opcode: " + err.Error())
	}

	err = RestoreAsset("./", "helper.exe")
	if err != nil {
	panic("Executable corrupted, missing helper: " + err.Error())
	}
	defer os.Remove("./helper.exe")

	//TODO: if shared resource already exists - returning error. For now just ignore all errors.
	//TODO: Implement returned stdout analysis on error. If it's not already exists error - start panic
	run(exec.Command("./helper.exe", "\\\\192.168.0.66", "-u", "user", "-p", "890iop", "net", "share", "AnalizDump=C:\\Temp"))
	defer run(exec.Command("./helper.exe", "\\\\192.168.0.66", "-u", "user", "-p", "890iop", "net", "share", "AnalizDump", "/DELETE", "/Y"))

	err = WNetAddConnection2(procWNetAddConnection2, ip, user, pass)
	if err != nil {
	panic("Error mapping shared resource: " + err.Error())
	}

	err = filepath.Walk("\\\\" + ip + "\\AnalizDump", visit)
	fmt.Printf("filepath.Walk() returned %v\n", err)
	}

	func WNetAddConnection2(p *syscall.Proc, ip, user, pass string) error {

	//https://msdn.microsoft.com/library/windows/desktop/aa385353(v=vs.85).aspx
	type NETRESOURCE struct {
	dwScope uint32
	dwType uint32
	dwDisplayType uint32
	dwUsage uint32
	lpLocalName uintptr
	lpRemoteName uintptr
	lpComment uintptr
	lpProvider uintptr
	}

	rpath := "\\\\" + ip + "\\AnalizDump"

	ret, _, _ := p.Call(
	uintptr(unsafe.Pointer(&NETRESOURCE{
	dwType: RESOURCETYPE_DISK,
	lpRemoteName: uintptr(unsafe.Pointer(syscall.StringToUTF16Ptr(rpath))),
	})),
	uintptr(unsafe.Pointer(syscall.StringToUTF16Ptr(pass))),
	uintptr(unsafe.Pointer(syscall.StringToUTF16Ptr(user))),
	CONNECT_TEMPORARY)

	switch ret {
	case NO_ERROR, ERROR_SESSION_CREDENTIAL_CONFLICT: //succesfully authenticate or already did
	return nil
	default:
	return fmt.Errorf("Error has appeared, return value %x", ret)
	}
	}

	func visit(path string, f os.FileInfo, err error) error {
	fmt.Printf("Visited: %s\n", path)
	return nil
	}

	func run(cmd *exec.Cmd) {
	cmd.Stdout = os.Stdout
	cmd.Stderr = os.Stderr
	cmd.Stdin = os.Stdin
	err := cmd.Start()
	if err != nil {
	panic(err)
	}
	err = cmd.Wait()
	if err != nil {
	fmt.Println(err.Error())
	}
	fmt.Println("Done")
	}