Go4aRun

module
v0.0.0-...-493acbb Latest
Published: Jul 30, 2020 License: BSD-3-Clause

README

Go4aRun

Usage:

  1. Set the passphrase used for encryption in both hideit.go and Go4it.go
  2. Set the behavior options in Go4it.go
    • Block-DLL behavior: choose between "not allowing non-MS" and "only store" through the nonms and onlystore variables
    • parentName variable: sets the spoofed parent
    • programPath variable: sets the process that the parent launches and that the shellcode is injected into
    • creationFlags: sets the launch behavior of the process named in programPath
    • Select a process injection method by commenting/uncommenting the CreateRemoteThread or QueueUserAPC section
  3. Run hideit (either build it or use go run) and select the raw shellcode file
  4. The script should save the encrypted shellcode to the shelly.go file in pkg/shelly (if it does not, move the file to pkg/shelly manually)
  5. Build Go4it.go (e.g.: GOOS=windows GOARCH=amd64 go build -ldflags="-H=windowsgui -s -w" Go4it.go)
  6. Compress: upx --brute Go4it.exe
  7. Run the result through DefenderCheck (https://github.com/matterpreter/DefenderCheck)

References/ Resources:

Directories

Path        Synopsis
cmd/hide    package hideit
cmd/run
pkg
