This project is forked from d00mfist/go4arun
Shellcode runner in Go that incorporates shellcode encryption, remote process injection, block DLLs, and a spoofed parent process
License: BSD 3-Clause "New" or "Revised" License
go4arun's Introduction
- Change the desired passphrase used in encryption in hideit.go and Go4it.go
- Change the behavior options in Go4it.go
- Change the block DLLs behavior between "not allowing non-MS" and "only store" through the nonms and onlystore variables
- Change the parentName variable to change the spoofed parent
- Change the programPath variable to change the process launched by the parent, into which the shellcode will be injected
- Change creationFlags to change the launch behavior of the program set in programPath
- Select a process injection method by commenting/uncommenting the CreateRemoteThread or QueueUserAPC sections
- Run hideit (either build or go run) and select the raw shellcode file
- The script should save the encrypted shellcode in the shelly.go file in pkg/shelly (if not, move it manually to pkg/shelly)
- Build Go4it.go (e.g. GOOS=windows GOARCH=amd64 go build -ldflags="-H=windowsgui -s -w" Go4it.go)
- Compress: upx --brute Go4it.exe
- Run through DefenderCheck (https://github.com/matterpreter/DefenderCheck)