
About the developer

D00MFist
181 Stars 22 Forks BSD 3-Clause "New" or "Revised" License 17 Commits 0 Opened issues

Description

Shellcode runner in Go that incorporates shellcode encryption, remote process injection, block DLLs, and a spoofed parent process


Go4aRun

Usage:

  1. Change the passphrase used for encryption in hideit.go and Go4it.go
  2. Change the behavior options in Go4it.go
    • Change the block DLL behavior between "not allowing non-MS" and "only store" through the nonms and onlystore variables
    • Change the parentName variable to change the spoofed parent
    • Change the programPath variable to change the process launched by the parent, which the shellcode will inject into
    • Change creationFlags to change the launch behavior of the process set in the programPath variable
    • Select a process injection method by commenting/uncommenting the CreateRemoteThread or QueueUserAPC sections
  3. Run hideit (either build or go run) and select the raw shellcode file
  4. The script should save the encrypted shellcode in the shelly.go file in pkg/shelly (if not, move it manually to pkg/shelly)
  5. Build Go4it.go (e.g.: GOOS=windows GOARCH=amd64 go build -ldflags="-H=windowsgui -s -w" Go4it.go)
  6. Compress: upx --brute Go4it.exe
  7. Run through DefenderCheck (https://github.com/matterpreter/DefenderCheck)

Related Blog Posts:

  • https://posts.specterops.io/going-4-a-run-eb263838b944
  • https://posts.specterops.io/going-4-a-hunt-66c9f0d7f32c

References/Resources:

  • www.thepolyglotdeveloper.com/2018/02/encrypt-decrypt-data-golang-application-crypto-packages/
  • https://medium.com/syscall59/a-trinity-of-shellcode-aes-go-f6cec854f992
  • https://ired.team/offensive-security/defense-evasion/preventing-3rd-party-dlls-from-injecting-into-your-processes
  • https://gist.github.com/rvrsh3ll/1e66f0f2c7103ff8709e5fd63ca346ac
  • https://github.com/BishopFox/sliver
  • https://github.com/bluesentinelsec/OffensiveGoLang
  • https://github.com/djhohnstein/CSharpCreateThreadExample
  • https://github.com/Ne0nd0g/merlin
