Skip to content
/ GoShell Public

A Go reverse shell with AES encryption, string obfuscation, debugger detection, and cross-platform compatibility, designed for educational purposes and authorized penetration testing.

License

MIT license
4 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

0xrootmeow/GoShell

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
LICENSE
LICENSE
 
 
main.go
main.go
 
 
readme.md
readme.md
 
 

Repository files navigation

Go Reverse Shell with Evasion Techniques

This Go program implements a reverse shell with several anti-detection and anti-debugging techniques, designed for educational purposes and authorized penetration testing. Use with caution and only in environments where you have explicit permission.

Disclaimer: This code is provided for educational purposes only. Unauthorized use is strictly prohibited. The author is not responsible for any misuse.

Features

  • Encrypted Communication:
    • Uses AES-256 encryption with a randomly generated Initialization Vector (IV) for each session to encrypt the communication between the attacker and the target.
    • The target host and port are also encrypted, making static analysis more difficult.
  • String Obfuscation:
    • Dynamically obfuscates critical strings (e.g., "powershell.exe", "/bin/sh") at runtime to evade signature-based detection.
  • Debugger Detection:
    • Checks for the presence of a debugger using the IsDebuggerPresent API on Windows, exiting if one is detected.
  • Cross-Platform Compatibility:
    • Works on both Windows and Linux systems, automatically selecting the appropriate shell.
  • Time Delays:
    • Includes a time delay in the init function to potentially evade timing-based detection.
  • Base64 Encoding:
    • Uses base64 encoding to hide the encrypted host and port.
  • Minimization of direct syscalls:
    • attempts to minimize the amount of direct syscalls.

Usage

  1. Generate Encrypted Host/Port and Key:
    • Run the Go program. It will print the encrypted host/port string and the base64-encoded key.
    • Copy these values.
  2. Update the Code:
    • Replace the placeholder encryptedHostPort and key values in the main.go file with the generated strings.
  3. Compile:
    • Windows: go build -ldflags="-H windowsgui" main.go
    • Linux: go build main.go
  4. Set up a Listener:
    • On your attacker machine, set up a netcat listener: nc -lvp <port>
  5. Run the Executable:
    • Execute the compiled binary on the target machine.

Code Explanation

  • Encryption/Decryption:
    • The encrypt and decrypt functions use AES-256 in CFB mode.
  • String Obfuscation:
    • The randomizeString function randomizes the bytes of strings.
  • Debugger Detection:
    • The isDebuggerPresent function uses the Windows API to detect debuggers.
  • Shell Selection:
    • The main function dynamically selects the appropriate shell based on the operating system.
  • Init Function:
    • The init function handles the encrypted host/port generation and debugger detection.

Building for Windows

If you are building this on windows, you can use this command:

go build -ldflags="-H windowsgui" main.go

About

A Go reverse shell with AES encryption, string obfuscation, debugger detection, and cross-platform compatibility, designed for educational purposes and authorized penetration testing.

Topics

golang cybersecurity offensive-security redteaming redteam redteam-infrastructure offensive-scripts redteam-tools

Resources

Readme

License

MIT license
Activity

Stars

4 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages