diff --git a/cli/defaults.go b/cli/defaults.go index c3a5b9a..26a5d2e 100644 --- a/cli/defaults.go +++ b/cli/defaults.go @@ -6,21 +6,21 @@ import ( // Get default value for Options struct func GetDefaultCLIOptions() Options { - opts := Options{ - ShellcodePath: "", - AesKey: RandBytes(32), - Outfile: "myph-out.exe", - OS: "windows", - arch: "amd64", - Target: "explorer.exe", - } + opts := Options{ + ShellcodePath: "", + AesKey: RandBytes(32), + Outfile: "myph-out.exe", + OS: "windows", + arch: "amd64", + Target: "explorer.exe", + } - return opts + return opts } // Generate a random list of bytes func RandBytes(length int) []byte { - b := make([]byte, length) - rand.Read(b) - return b + b := make([]byte, length) + rand.Read(b) + return b } diff --git a/cli/parser.go b/cli/parser.go index 9e6a61c..7c6daa1 100644 --- a/cli/parser.go +++ b/cli/parser.go @@ -2,68 +2,71 @@ package cli import ( "fmt" - "os" - "github.com/spf13/cobra" "github.com/cmepw/myph/loader" + "github.com/spf13/cobra" + "os" ) func GetParser(opts *Options) *cobra.Command { - version := "0.0.1" - var cmd = &cobra.Command{ - Use: "myph", - Version: version, - DisableSuggestions : true, - Short: "AV bypass shellcode creation framework", - Long: `CLI to prepare your shellcode and do AV/EDR bypass`, - Run: func(cmd *cobra.Command, args []string) { + version := "0.0.1" + var cmd = &cobra.Command{ + Use: "myph", + Version: version, + DisableSuggestions: true, + Short: "AV bypass shellcode creation framework", + Long: `CLI to prepare your shellcode and do AV/EDR bypass`, + Run: func(cmd *cobra.Command, args []string) { - if opts.ShellcodePath == "" { - fmt.Println("[!] Please specify your shellcode's path with --shellcode") - os.Exit(1) - } + if opts.ShellcodePath == "" { + fmt.Println("[!] Please specify your shellcode's path with --shellcode") + os.Exit(1) + } - plaintext_payload, err := loader.ReadFile(opts.ShellcodePath); if err != nil { - fmt.Printf("[!] Read shellcode error: %s\n", err.Error()) - os.Exit(1) - } + plaintext_payload, err := loader.ReadFile(opts.ShellcodePath) + if err != nil { + fmt.Printf("[!] Read shellcode error: %s\n", err.Error()) + os.Exit(1) + } - fmt.Println("[+] Successfully read shellcode") - payload, err := loader.Encrypt(opts.AesKey, plaintext_payload); if err != nil { - fmt.Println(err.Error()) - os.Exit(1) - } + fmt.Println("[+] Successfully read shellcode") + payload, err := loader.Encrypt(opts.AesKey, plaintext_payload) + if err != nil { + fmt.Println(err.Error()) + os.Exit(1) + } - os.Setenv("GOOS", opts.OS) - os.Setenv("GOARCH", opts.arch) - s := loader.Shellcode{ - Payload: payload, - Filename: opts.Outfile, - AesKey: []byte(opts.AesKey), - Target: opts.Target, - } + os.Setenv("GOOS", opts.OS) + os.Setenv("GOARCH", opts.arch) + s := loader.Shellcode{ + Payload: payload, + Filename: opts.Outfile, + AesKey: []byte(opts.AesKey), + Target: opts.Target, + } - fmt.Println("[+] Encrypted shellcode with AES key") - toCompile := loader.LoadWindowsTemplate(s) - err = loader.WriteToTempfile(toCompile); if err != nil { - fmt.Printf("Write error: %s\n", err.Error()) - os.Exit(1) - } + fmt.Println("[+] Encrypted shellcode with AES key") + toCompile := loader.LoadWindowsTemplate(s) + err = loader.WriteToTempfile(toCompile) + if err != nil { + fmt.Printf("Write error: %s\n", err.Error()) + os.Exit(1) + } - fmt.Println("[+] loaded Windows template") + fmt.Println("[+] loaded Windows template") - /* run compilation */ - loader.Compile(s) - }, - } + /* run compilation */ + loader.Compile(s) + }, + } - defaults := GetDefaultCLIOptions() + defaults := GetDefaultCLIOptions() - cmd.PersistentFlags().StringVarP(&opts.Outfile, "outfile", "f", defaults.Outfile, "output filepath") - cmd.PersistentFlags().StringVarP(&opts.ShellcodePath, "shellcode", "s", defaults.ShellcodePath, "shellcode path") - cmd.PersistentFlags().BytesHexVarP(&opts.AesKey, "aes-key", "a", defaults.AesKey, "AES key for shellcode encryption") - cmd.PersistentFlags().StringVarP(&opts.arch, "arch", "r", defaults.arch, "architecture compilation target") - cmd.PersistentFlags().StringVarP(&opts.OS, "os", "o", defaults.OS, "OS compilation target") - cmd.PersistentFlags().StringVarP(&opts.Target, "target-process", "t", defaults.Target, "target for process injection") + cmd.PersistentFlags().StringVarP(&opts.Outfile, "outfile", "f", defaults.Outfile, "output filepath") + cmd.PersistentFlags().StringVarP(&opts.ShellcodePath, "shellcode", "s", defaults.ShellcodePath, "shellcode path") + cmd.PersistentFlags().BytesHexVarP(&opts.AesKey, "aes-key", "a", defaults.AesKey, "AES key for shellcode encryption") + cmd.PersistentFlags().StringVarP(&opts.arch, "arch", "r", defaults.arch, "architecture compilation target") + cmd.PersistentFlags().StringVarP(&opts.OS, "os", "o", defaults.OS, "OS compilation target") + cmd.PersistentFlags().StringVarP(&opts.Target, "target-process", "t", defaults.Target, "target for process injection") - return cmd + return cmd } diff --git a/cli/types.go b/cli/types.go index 3d4997a..61d9642 100644 --- a/cli/types.go +++ b/cli/types.go @@ -2,21 +2,21 @@ package cli type Options struct { - // Shellcode path - ShellcodePath string + // Shellcode path + ShellcodePath string - // Outfile path - Outfile string + // Outfile path + Outfile string - // AES shellcode encryption secret - AesKey []byte + // AES shellcode encryption secret + AesKey []byte - // os compilation target - OS string + // os compilation target + OS string - // arch compilation target - arch string + // arch compilation target + arch string - // target process name to inject - Target string + // target process name to inject + Target string } diff --git a/go.mod b/go.mod index 5d72a76..726564c 100644 --- a/go.mod +++ b/go.mod @@ -2,10 +2,7 @@ module github.com/cmepw/myph go 1.19 -require ( - github.com/spf13/cobra v1.6.1 - golang.org/x/sys v0.4.0 -) +require github.com/spf13/cobra v1.6.1 require ( github.com/inconshreveable/mousetrap v1.0.1 // indirect diff --git a/go.sum b/go.sum index a11885e..442875a 100644 --- a/go.sum +++ b/go.sum @@ -6,7 +6,5 @@ github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA= github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -golang.org/x/sys v0.4.0 h1:Zr2JFtRQNX3BCZ8YtxRE9hNJYC8J6I1MVbMg6owUp18= -golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/loader/aes.go b/loader/aes.go index 5d86b70..35cbec2 100644 --- a/loader/aes.go +++ b/loader/aes.go @@ -4,30 +4,30 @@ import ( "crypto/aes" "fmt" - "crypto/cipher" - "crypto/rand" - "io" + "crypto/cipher" + "crypto/rand" + "io" ) func ToString(payload []byte) string { - return fmt.Sprint([]byte(payload)) + return fmt.Sprint([]byte(payload)) } func Encrypt(key []byte, plaintext []byte) ([]byte, error) { - c, err := aes.NewCipher(key) - if err != nil { - return nil, err - } + c, err := aes.NewCipher(key) + if err != nil { + return nil, err + } - gcm, err := cipher.NewGCM(c) - if err != nil { - return nil, err - } + gcm, err := cipher.NewGCM(c) + if err != nil { + return nil, err + } - nonce := make([]byte, gcm.NonceSize()) - if _, err = io.ReadFull(rand.Reader, nonce); err != nil { - return nil, err - } + nonce := make([]byte, gcm.NonceSize()) + if _, err = io.ReadFull(rand.Reader, nonce); err != nil { + return nil, err + } - return gcm.Seal(nonce, nonce, plaintext, nil), nil + return gcm.Seal(nonce, nonce, plaintext, nil), nil } diff --git a/loader/compile.go b/loader/compile.go index 0727896..bb5f8cb 100644 --- a/loader/compile.go +++ b/loader/compile.go @@ -1,26 +1,26 @@ package loader import ( - "os" - "fmt" - "os/exec" + "fmt" + "os" + "os/exec" ) func Compile(sc Shellcode) { - err := exec.Command( - "go", - "build", - "-ldflags", - "-s -w -H=windowsgui", - "-o", - sc.Filename, - "tmp.go", - ).Run(); if err != nil { - println("[!] Compile error: " + err.Error()) - os.Exit(1) - } - fmt.Println("[+] Successfully compiled shellcode") - os.Remove("tmp.go") - + err := exec.Command( + "go", + "build", + "-ldflags", + "-s -w -H=windowsgui", + "-o", + sc.Filename, + "tmp.go", + ).Run() + if err != nil { + println("[!] Compile error: " + err.Error()) + os.Exit(1) + } + fmt.Println("[+] Successfully compiled shellcode") + os.Remove("tmp.go") } diff --git a/loader/types.go b/loader/types.go index 4e77409..99bbce7 100644 --- a/loader/types.go +++ b/loader/types.go @@ -1,16 +1,15 @@ -package loader; - +package loader type Shellcode struct { - // payload in bytes - Payload []byte + // payload in bytes + Payload []byte - // output filename - Filename string + // output filename + Filename string - // AES key used for encryption & decrpytion - AesKey []byte + // AES key used for encryption & decrpytion + AesKey []byte - // target process name to inject - Target string + // target process name to inject + Target string } diff --git a/loader/utils.go b/loader/utils.go index 1ee01b7..95bb9fc 100644 --- a/loader/utils.go +++ b/loader/utils.go @@ -10,33 +10,35 @@ import ( func ReadFile(filepath string) ([]byte, error) { - buf := bytes.NewBuffer(nil) - f, err := os.Open(filepath); if err != nil { - return []byte{}, err - } + buf := bytes.NewBuffer(nil) + f, err := os.Open(filepath) + if err != nil { + return []byte{}, err + } - io.Copy(buf, f) - f.Close() + io.Copy(buf, f) + f.Close() - return buf.Bytes(), nil + return buf.Bytes(), nil } func WriteToTempfile(payload string) error { - // create file - f, err := os.Create("tmp.go") - if err != nil { - log.Fatal(err) - } - defer f.Close() - - buffer := bufio.NewWriter(f) - _, err = buffer.WriteString(payload + "\n"); if err != nil { - log.Fatal(err) - } - - // flush buffered data to the file - if err := buffer.Flush(); err != nil { - log.Fatal(err) - } - return nil + // create file + f, err := os.Create("tmp.go") + if err != nil { + log.Fatal(err) + } + defer f.Close() + + buffer := bufio.NewWriter(f) + _, err = buffer.WriteString(payload + "\n") + if err != nil { + log.Fatal(err) + } + + // flush buffered data to the file + if err := buffer.Flush(); err != nil { + log.Fatal(err) + } + return nil } diff --git a/loader/windows.go b/loader/windows.go index 9f5ea2a..04e2eaf 100644 --- a/loader/windows.go +++ b/loader/windows.go @@ -6,11 +6,11 @@ import ( func LoadWindowsTemplate(s Shellcode) string { - hexShellcode := ToString(s.Payload) - hexKey := ToString(s.AesKey) - hexTarget := ToString([]byte(s.Target)) + hexShellcode := ToString(s.Payload) + hexKey := ToString(s.AesKey) + hexTarget := ToString([]byte(s.Target)) - return fmt.Sprintf(` + return fmt.Sprintf(` package main import ( diff --git a/main.go b/main.go index ce5551e..3f8b3d1 100644 --- a/main.go +++ b/main.go @@ -1,12 +1,12 @@ package main import ( - "github.com/cmepw/myph/cli" + "github.com/cmepw/myph/cli" ) func main() { - opts := cli.GetDefaultCLIOptions() - parser := cli.GetParser(&opts) + opts := cli.GetDefaultCLIOptions() + parser := cli.GetParser(&opts) - parser.ExecuteC() + parser.ExecuteC() }