redcode-labs / coldfire Goto Github PK

It would be very helpful if you could tag a release. This would enable distributions to fetch the source from GitHub instead of working with checkouts. Easier to track for package maintainer, too.

Thanks

1. go get github.com/redcode-labs/Coldfire: invalid github.com import path "github.com/redcode-labs"

2. mports github.com/redcode-labs/Coldfire
   imports github.com/redcode-labs/Coldfire: import cycle not allowed

any help please ??

After updating Golang XENA has stopped working, more on that https://xena.network

I reproduced the following issue on two separate Linux machines running Arch-based distros.

Build command: go build .
Output:
# github.com/redcode-labs/Coldfire ../../../go/pkg/mod/github.com/redcode-labs/[email protected]/net_linux.go:7:6: Networks redeclared in this block ../../../go/pkg/mod/github.com/redcode-labs/[email protected]/net.go:179:6: other declaration of Networks ../../../go/pkg/mod/github.com/redcode-labs/[email protected]/net_linux.go:25:53: undefined: syscall ../../../go/pkg/mod/github.com/redcode-labs/[email protected]/net_linux.go:27:3: undefined: syscall ../../../go/pkg/mod/github.com/redcode-labs/[email protected]/coldfire_linux.go:26:37: undefined: shellcode ../../../go/pkg/mod/github.com/redcode-labs/[email protected]/coldfire_linux.go:29:30: undefined: shellcode ../../../go/pkg/mod/github.com/redcode-labs/[email protected]/net.go:180:9: undefined: networks ../../../go/pkg/mod/github.com/redcode-labs/[email protected]/os.go:123:9: undefined: usrs

main.go:
` package main

import cf "github.com/redcode-labs/Coldfire"

func main() {
cf.B64E("asdasdasd")
}
`

go.mod:
`module main

go 1.22.0

require github.com/redcode-labs/Coldfire v0.0.0-20231123001403-f1b8b578c0b7

require (
github.com/GeertJohan/yubigo v0.0.0-20190917122436-175bc097e60e // indirect
github.com/anvie/port-scanner v0.0.0-20180225151059-8159197d3770 // indirect
github.com/beevik/ntp v1.3.1 // indirect
github.com/c-robinson/iplib v1.0.3 // indirect
github.com/fatih/color v1.13.0 // indirect
github.com/go-sql-driver/mysql v1.7.1 // indirect
github.com/jackpal/gateway v1.0.7 // indirect
github.com/lib/pq v1.10.9 // indirect
github.com/matishsiao/goInfo v0.0.0-20210923090445-da2e3fa8d45f // indirect
github.com/mattn/go-colorable v0.1.11 // indirect
github.com/mattn/go-isatty v0.0.14 // indirect
github.com/mitchellh/go-homedir v1.1.0 // indirect
github.com/mitchellh/go-ps v1.0.0 // indirect
github.com/savaki/jq v0.0.0-20161209013833-0e6baecebbf8 // indirect
github.com/yalue/elf_reader v1.0.0 // indirect
github.com/ztrue/tracerr v0.4.0 // indirect
golang.org/x/crypto v0.20.0 // indirect
golang.org/x/net v0.21.0 // indirect
golang.org/x/sys v0.17.0 // indirect
)
`

go.sum:
github.com/GeertJohan/yubigo v0.0.0-20190917122436-175bc097e60e h1:Bqtt5C+uVk+vH/t5dmB47uDCTwxw16EYHqvJnmY2aQc= github.com/GeertJohan/yubigo v0.0.0-20190917122436-175bc097e60e/go.mod h1:njRCDrl+1RQ/A/+KVU8Ho2EWAxUSkohOWczdW3dzDG0= github.com/anvie/port-scanner v0.0.0-20180225151059-8159197d3770 h1:1KEvfMGAjISVzk3Ti6pfaOgtoC3naoU0LfiJooZDNO8= github.com/anvie/port-scanner v0.0.0-20180225151059-8159197d3770/go.mod h1:QGzdstKeoHmMWwi9oNHZ7DQzEj9pi7H42171pkj9htk= github.com/beevik/ntp v1.3.1 h1:Y/srlT8L1yQr58kyPWFPZIxRL8ttx2SRIpVYJqZIlAM= github.com/beevik/ntp v1.3.1/go.mod h1:fT6PylBq86Tsq23ZMEe47b7QQrZfYBFPnpzt0a9kJxw= github.com/c-robinson/iplib v1.0.3 h1:NG0UF0GoEsrC1/vyfX1Lx2Ss7CySWl3KqqXh3q4DdPU= github.com/c-robinson/iplib v1.0.3/go.mod h1:i3LuuFL1hRT5gFpBRnEydzw8R6yhGkF4szNDIbF8pgo= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrtU8EI= github.com/go-sql-driver/mysql v1.7.1/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI= github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/jackpal/gateway v1.0.7 h1:7tIFeCGmpyrMx9qvT0EgYUi7cxVW48a0mMvnIL17bPM= github.com/jackpal/gateway v1.0.7/go.mod h1:aRcO0UFKt+MgIZmRmvOmnejdDT4Y1DNiNOsSd1AcIbA= github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw= github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/matishsiao/goInfo v0.0.0-20210923090445-da2e3fa8d45f h1:B0OD7nYl2FPQEVrw8g2uyc1lGEzNbvrKh7fspGZcbvY= github.com/matishsiao/goInfo v0.0.0-20210923090445-da2e3fa8d45f/go.mod h1:aEt7p9Rvh67BYApmZwNDPpgircTO2kgdmDUoF/1QmwA= github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-colorable v0.1.11 h1:nQ+aFkoE2TMGc0b68U2OKSexC+eq46+XwZzWXHRmPYs= github.com/mattn/go-colorable v0.1.11/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y= github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc= github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/redcode-labs/Coldfire v0.0.0-20231123001403-f1b8b578c0b7 h1:iuk+l8Mt1IYimKfF9mdVJ9l7j0PMIdc/c3yvqqNbq2o= github.com/redcode-labs/Coldfire v0.0.0-20231123001403-f1b8b578c0b7/go.mod h1:xmkgqOYqT/PrBsS/zwfRV0iDky/5MwWhctqfd93xvHU= github.com/savaki/jq v0.0.0-20161209013833-0e6baecebbf8 h1:ajJQhvqPSQFJJ4aV5mDAMx8F7iFi6Dxfo6y62wymLNs= github.com/savaki/jq v0.0.0-20161209013833-0e6baecebbf8/go.mod h1:Nw/CCOXNyF5JDd6UpYxBwG5WWZ2FOJ/d5QnXL4KQ6vY= github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/yalue/elf_reader v1.0.0 h1:mJgyV2pk7Lm5BEfVbGrecaMLx6ZZuB/y8eAGm1Gln48= github.com/yalue/elf_reader v1.0.0/go.mod h1:2WMcv9f54UGq8H2MU4EHstdkSl0L0v2AycubDcDtpVU= github.com/ztrue/tracerr v0.4.0 h1:vT5PFxwIGs7rCg9ZgJ/y0NmOpJkPCPFK8x0vVIYzd04= github.com/ztrue/tracerr v0.4.0/go.mod h1:PaFfYlas0DfmXNpo7Eay4MFhZUONqvXM+T2HyGPpngk= golang.org/x/crypto v0.20.0 h1:jmAMJJZXr5KiCw05dfYK9QnqaqKLYXijU23lsEdcQqg= golang.org/x/crypto v0.20.0/go.mod h1:Xwo95rrVNIoSMx9wa1JroENMToLWn3RNVrTBpLHgZPQ= golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211003122950-b1ebd4e1001c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

Tested an sRDI shellcode payload with the coldfire.runShellcode() function and it fails to execute the shellcode correctly.

Looking at the source for the function and it appears the issue lies with CreateThread without calling WaitForSingleObject afterwards. I added the WaitForSingleObject API and tested the payload and it seemed to fix the issue.

// ColdFire implementation
var bg_run uintptr = 0x00
kernel32 := syscall.MustLoadDLL("kernel32.dll")
VirtualAlloc := kernel32.MustFindProc("VirtualAlloc")
procCreateThread := kernel32.MustFindProc("CreateThread")
waitForSingleObject := kernel32.MustFindProc("WaitForSingleObject")
addr, _, _ := VirtualAlloc.Call(0, uintptr(len(shellcode)), 0x2000|0x1000, syscall.PAGE_EXECUTE_READWRITE)
ptr := (*[990000]byte)(unsafe.Pointer(addr))
for i, value := range shellcode {
	ptr[i] = value
}
threadHandle, _, _ := procCreateThread.Call(0, 0, addr, 0, bg_run, 0)
waitForSingleObject.Call(threadHandle, uintptr(^uint(0)))

I have noticed that a lot of functions here are calling other functions with a different name.
This is actually unnecessary.

// IsRoot checks if the current user is the administrator of the machine.
func IsRoot() bool {
	return isRoot()
}

// CmdOut executes a given command and returns its output.
func CmdOut(command string) (string, error) {
	return cmdOut(command)
}

I hope you folks will remove such functions and de-bloatify the framework.

Hi

Can you please provide usage example for those of us that are new at golang.

This is what I have:

`package main

import "github.com/redcode-labs/ColdFire"

func main() {
coldfire.print_good("this is a test")
}`

The result is this:
./main.go:6:3: cannot refer to unexported name coldfire.print_good
./main.go:6:3: undefined: coldfire.print_good

Thanks for your time!

Hey, awesome work! Do you plan on bruteforce and additional spreading features?

TODO:

• error propagation
• logging errors
• documentation string over exported functions
• documentation string on package

As listed in the TODO list above, some of the parts of code are inconsistent.

1. You should consider using tools like go vet, go fmt and go imports.
2. Unexported methods should be used.
3. Exported methods should contain doc comment.
4. If this is module/library/framework, then you shouldn't log inside the functions, but return errors with additional info.
5. If some part of code should run, and fail if error occurs, name function according to the scheme MustDoSomethin() and then panic on error. Note that in doc comment.

@451208 as it comes out, I terribly suck at git - I had to sync the repo with my local version (as apparently Oyabun was throwing some compilation errors when latest, remote version of Coldfire was used) and I decided to force push due to the fact that merge was impossible. As it turns out, your valuable commit simply disappeared and I can't find it anywhere :< Can you please create another pull request with your modifications? I will try to merge it properly this time. Really sorry for the hassle.

Each time I attempt to go get -u the package I get the following error:

 go get -u github.com/redcode-labs/Coldfire                                                                                                                                                                 
package github.com/minio/minio/pkg/disk: cannot find package "github.com/minio/minio/pkg/disk" in any of:
	/usr/local/Cellar/go/1.14.5/libexec/src/github.com/minio/minio/pkg/disk (from $GOROOT)
	/Users/zephr/go/src/github.com/minio/minio/pkg/disk (from $GOPATH)

Any suggestions on how to remediate?

Version of Go: go version go1.14.5 darwin/amd64

Two tokens should be created and put inside the secrets settings in the repo:

• GITHUB_TOKEN - allows running of automated tests
• CODECOV_TOKEN - allows automatic uploads of test results to the CodeCov