execution

package

v0.0.0-...-391d3f3 Latest Latest Go to latest Published: Mar 11, 2022 License: GPL-3.0 Imports: 4 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/bluesentinelsec/OffensiveGolang

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func RunCMD(cmd string) ([]byte, error)
func RunPowerShell(cmd string) ([]byte, error)
func ShellCodeCreateRemoteThread(PID int, Shellcode []byte) error
func ShellCodeRTLCopyMemory(shellcode []byte) error
func ShellCodeSyscall(Shellcode []byte)
func ShellCodeThreadExecute(Shellcode []byte)
func ShellCodeVirtualProtect(sc []byte)
func VirtualProtect(lpAddress unsafe.Pointer, dwSize uintptr, flNewProtect uint32, ...) bool
func WinDLLProc(dllName string, funcName string, args ...uintptr) (uintptr, error)

Constants ¶

View Source

const (
	MEM_COMMIT                = 0x1000
	MEM_RESERVE               = 0x2000
	PAGE_EXECUTE_READWRITE    = 0x40
	PROCESS_CREATE_THREAD     = 0x0002
	PROCESS_QUERY_INFORMATION = 0x0400
	PROCESS_VM_OPERATION      = 0x0008
	PROCESS_VM_WRITE          = 0x0020
	PROCESS_VM_READ           = 0x0010
)

Variables ¶

View Source

var (
	VirtualAlloc        = kernel32.MustFindProc("VirtualAlloc")
	VirtualAllocEx      = kernel32.MustFindProc("VirtualAllocEx")
	WriteProcessMemory  = kernel32.MustFindProc("WriteProcessMemory")
	RtlCopyMemory       = ntdll.MustFindProc("RtlCopyMemory")
	CreateThread        = kernel32.MustFindProc("CreateThread")
	OpenProcess         = kernel32.MustFindProc("OpenProcess")
	WaitForSingleObject = kernel32.MustFindProc("WaitForSingleObject")

	CreateRemoteThread = kernel32.MustFindProc("CreateRemoteThread")
)

Functions ¶

func RunCMD ¶

func RunCMD(cmd string) ([]byte, error)

RunCMD executes a command with cmd.exe

func RunPowerShell ¶

func RunPowerShell(cmd string) ([]byte, error)

RunPowerShell executes a command in PowerShell

func ShellCodeCreateRemoteThread ¶

func ShellCodeCreateRemoteThread(PID int, Shellcode []byte) error

ShellCodeCreateRemoteThread spawns shellcode in a remote process

func ShellCodeRTLCopyMemory ¶

func ShellCodeRTLCopyMemory(shellcode []byte) error

ShellCodeRTLCopyMemory executes shellcode in the current process using VirtualAlloc and RtlCopyMemory

func ShellCodeSyscall ¶

func ShellCodeSyscall(Shellcode []byte)

ShellCodeSyscall executes shellcode using syscall.Syscall()

func ShellCodeThreadExecute ¶

func ShellCodeThreadExecute(Shellcode []byte)

ShellCodeThreadExecute executes shellcode in the current process using VirtualAlloc and CreateThread

func ShellCodeVirtualProtect ¶

func ShellCodeVirtualProtect(sc []byte)

ShellCodeVirtualProtect executes shellcode in the current process by using the VirtualProtect function and a function pointer

func VirtualProtect ¶

func VirtualProtect(lpAddress unsafe.Pointer, dwSize uintptr, flNewProtect uint32, lpflOldProtect unsafe.Pointer) bool

VirtualProtect is used to set the memory region to PAGE_EXECUTE_READWRITE

func WinDLLProc ¶

func WinDLLProc(dllName string, funcName string, args ...uintptr) (uintptr, error)

WinDLLProc executes a windows DLL function

Types ¶

This section is empty.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
example-DLL

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL