Go is a popular language for offensive programming these days, and antivirus vendors are still catching up to it because it remains a niche choice for ethical hacking. In this tutorial you will learn how to write a Go program that opens a new Notepad process. You will first find an already-running Notepad process (I opened one manually) and note its PID (process ID).
The program below simply starts a new Notepad process and fails on any error. Its purpose is to show that the command still works after the program has been converted into shellcode with Donut and injected into another process with DonutTest.
package main

import (
	"fmt"
	"os/exec"
	"runtime"
)

func main() {
	// Notepad only exists on Windows. Without this check cmd would stay nil
	// on any other OS and cmd.Run() would panic with a nil pointer dereference.
	if runtime.GOOS != "windows" {
		panic("this program only runs on Windows")
	}
	cmd := exec.Command("notepad")
	// Run starts Notepad and blocks until it exits; any failure aborts the program.
	if err := cmd.Run(); err != nil {
		panic(fmt.Sprintf("cmd.Run() failed with %s\n", err))
	}
}
Use Donut For PIC Shellcode
Donut turns the compiled program into position-independent code (PIC): shellcode that can be injected into another process. For Donut the default is x64, which will work for this test.
Use DonutTest To Inject Shellcode
Now you have shellcode, but it does nothing on its own: something has to load and execute it. To do that, copy the base64 of the shellcode and paste it into DonutTest, which injects it into a process. I will inject into a Notepad process.
Copy the Base64 code using this command in PowerShell:

DonutTest is a simple C# shellcode injector used for testing Donut. The shellcode must be base64 encoded and pasted in as a string.
Now build the DonutTest project with the x64 configuration selected. Don’t forget this step! It won’t work without it.
Inject The Go Shellcode
The next step is to open a Notepad process (just open a Notepad) and then use DonutTest to inject into it. First you need the PID, so use tasklist. This command is easy enough to use.
A second Notepad window should appear: it is spawned by the Go program’s shellcode running inside the Notepad process you just injected into.
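From the defender’s side, this walkthrough leaves two artefacts that endpoint telemetry can surface: a remote thread created in notepad.exe when the injector runs (assuming DonutTest creates a remote thread, as such injectors typically do), and a new notepad.exe whose parent is notepad.exe when the Go shellcode calls exec.Command. The following is an added example, not code from the tutorial or from the Donut project; the Sysmon-style log lines, paths and PIDs are constructed for illustration and the field names follow Sysmon’s schema.

```python
import re

# Constructed Sysmon records (Event ID 1 = process creation, Event ID 8 =
# CreateRemoteThread), flattened to one line each. Every path and PID here
# is made up for the example.
SAMPLE_EVENTS = """\
EventID=1 Image=C:\\Windows\\System32\\notepad.exe ParentImage=C:\\Windows\\explorer.exe ProcessId=4120 ParentProcessId=1240
EventID=8 SourceImage=C:\\Users\\lab\\DonutTest.exe SourceProcessId=5316 TargetImage=C:\\Windows\\System32\\notepad.exe TargetProcessId=4120
EventID=1 Image=C:\\Windows\\System32\\notepad.exe ParentImage=C:\\Windows\\System32\\notepad.exe ProcessId=6188 ParentProcessId=4120
EventID=1 Image=C:\\Windows\\System32\\cmd.exe ParentImage=C:\\Windows\\explorer.exe ProcessId=5004 ParentProcessId=1240
"""

# Workstation binaries that have no business spawning children or receiving
# remote threads; a hit on either rule is worth an analyst's look.
QUIET_IMAGES = {"notepad.exe", "calc.exe", "mspaint.exe"}

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_event(line: str) -> dict:
    """Turn one flattened 'key=value key=value' record into a dict."""
    return dict(FIELD_RE.findall(line))


def image_name(path: str) -> str:
    """Lower-cased file name of a Windows path, e.g. 'notepad.exe'."""
    return path.rsplit("\\", 1)[-1].lower()


def find_injection_indicators(log: str) -> list:
    """Return (reason, pid) tuples for events matching either rule."""
    hits = []
    for line in log.splitlines():
        ev = parse_event(line)
        eid = ev.get("EventID")
        # Rule 1: a remote thread created in a process that should never receive one.
        if eid == "8" and image_name(ev.get("TargetImage", "")) in QUIET_IMAGES:
            hits.append(("remote_thread_into_" + image_name(ev["TargetImage"]), ev["TargetProcessId"]))
        # Rule 2: a child process whose parent is one of the quiet binaries.
        elif eid == "1" and image_name(ev.get("ParentImage", "")) in QUIET_IMAGES:
            hits.append(("child_of_" + image_name(ev["ParentImage"]), ev["ProcessId"]))
    return hits


if __name__ == "__main__":
    for reason, pid in find_injection_indicators(SAMPLE_EVENTS):
        print(f"{reason}: pid {pid}")
```

Correlating the two hits on the same PID (the Event ID 8 target and the Event ID 1 parent are both 4120 above) is what separates this tutorial’s behaviour from a user who merely opened Notepad twice.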