module
Version:
v0.0.0-...-493acbb
Opens a new window with list of versions in this module.
Published: Jul 30, 2020
License: BSD-3-Clause
Opens a new window with license information.
README
¶
Go4aRun
Usage:
- Change the desired passphrase used in encryption in hideit.go and Go4it.go
- Change the behavior options in Go4it.go
- Change block dll behavior: between "not allowing non-MS" and "only store" through nonms and onlystore variables
- Change parentName variable to change spoofed parent
- Change programPath variable to change process launched by parent which shellcode will inject into
- Change creationFlags to change launch behavior of programPath variable
- Select a Process Injection Method by comment/uncommenting the sections CreateRemoteThread or QueueUserAPC
- Run hideit (either build or go run) and select the raw shellcode file
- The script should save the encrypted shellcode in the shelly.go file in pkg/shelly (if not move manually to pkg/shelly)
- Build Go4it.go (e.g: GOOS=windows GOARCH=amd64 go build -ldflags="-H=windowsgui -s -w" Go4it.go)
- Compress: upx --brute Go4it.exe
- Run through DefenderCheck (https://github.com/matterpreter/DefenderCheck)
Related Blog Posts:
References/ Resources:
Directories
¶
cmd
|
|
|
package hideit |
|
|
pkg
|
|
|
|
|
|
|
|
|
|
Click to show internal directories.
Click to hide internal directories.