Shellcode implementation of Reflective DLL Injection by Golang. Convert DLLs to position independent shellcode

TimWhite

Last update: Dec 8, 2022

Comments: 0

🐸 Frog For Automatic Scan
🐶 Doge For Defense Evasion&Offensive Security

Doge-sRDI

Shellcode implementation of Reflective DLL Injection by Golang. Convert DLLs to position independent shellcode

Big thanks to Sliver project and leoloobeek

Sliver

ShellcodeRDI.go

sRDI raw project

Usage

srdi.exe [dllName] [Args(not necessary)] [entryPoint(not necessary)]

PS D:\> .\srdi.exe .\Outflank-PsC.dll
Outflank-PsC.bin
PS D:\> .\loader.exe .\Outflank-PsC.bin 1
Mess with the banana, die like the... banana?

--------------------------------------------------------------------

[+] ProcessName:   svchost.exe
    ProcessID:     3968
    PPID:          940 (services.exe)
    CreateTime:    17/03/2021 21:01
    Path:          C:\Windows\System32\svchost.exe
    ImageType:     64-bit
    CompanyName:   Microsoft Corporation
    Description:   Windows ?????
    Version:       10.0.19041.867

......

🚀 Star Trend

etc

开源的样本大部分可能已经无法免杀,需要自行修改
我认为基础核心代码的开源与整理能够帮助想学习的人
本人从github大佬项目中学到了很多，感谢
若用本人项目去进行：HW演练/红蓝对抗/APT/黑产/恶意行为/违法行为/割韭菜，等行为，本人概不负责，也与本人无关
本人已不参与大小HW活动的攻击方了，若溯源到timwhite id与本人无关

Owner

TimWhite

Offensive Security Researcher / Bug Hunter.

https://github.com/timwhitez/Doge-sRDI

A minimalistic LDAP server that is meant for test vulnerability to JNDI+LDAP injection attacks in Java, especially CVE-2021-44228.

jndi-ldap-test-server This is a minimalistic LDAP server that is meant for test vulnerability to JNDI+LDAP injection attacks in Java, especially CVE-2

Oct 3, 2022

Convert SSH Ed25519 keys to age keys. This is useful for usage in sops-nix and sops

ssh-to-age Convert SSH Ed25519 keys to age keys. This is useful for usage in sops-nix and sops Usage Exports the private key: $ ssh-to-age -private-ke

Dec 21, 2022

Update-java-ca-certificates - Small utility to convert the system trust store to a system Java KeyStore

update-java-ca-certificates This small utility takes care of creating a system-w

Dec 28, 2022

CVE-2021-4034 - A Golang implementation of clubby789's implementation of CVE-2021-4034

CVE-2021-4034 January 25, 2022 | An00bRektn This is a golang implementation of C

Feb 3, 2022

A probably paranoid Golang utility library for securely hashing and encrypting passwords based on the Dropbox method. This implementation uses Blake2b, Scrypt and XSalsa20-Poly1305 (via NaCl SecretBox) to create secure password hashes that are also encrypted using a master passphrase.

goSecretBoxPassword This is a Golang library for securing passwords it is based on the Dropbox method for password storage. The both passphrases are f

Jan 3, 2023

PHP functions implementation to Golang. This package is for the Go beginners who have developed PHP code before. You can use PHP like functions in your app, module etc. when you add this module to your project.

PHP Functions for Golang - phpfuncs PHP functions implementation to Golang. This package is for the Go beginners who have developed PHP code before. Y

Dec 30, 2022

Golang implementation of ECVRF-EDWARDS25519-SHA512-TAI, a verifiable random function described in draft-irtf-cfrg-vrf-10.

Go-ECVRF Go-ECVRF is a library that implements ECVRF-EDWARDS25519-SHA512-TAI, a verifiable random function described in draft-irtf-cfrg-vrf-10. By des

Aug 10, 2022

This repo contains golang implementation of common DSA problems

DSA This repo contains golang implementation of common DSA problems Trees Tree T

Jan 10, 2022

Kerberoasting attack implementation in Golang using go-ldap and gokrb5

Goberoast Kerberoasting attack implementation in Golang using go-ldap and gokrb5. Build You can build the project by simply typing go build within the

Jan 19, 2022

Shellcode implementation of Reflective DLL Injection by Golang. Convert DLLs to position independent shellcode

Doge-sRDI

Big thanks to Sliver project and leoloobeek

Usage

🚀 Star Trend

etc

Owner

TimWhite

Similar Resources

A minimalistic LDAP server that is meant for test vulnerability to JNDI+LDAP injection attacks in Java, especially CVE-2021-44228.

Convert SSH Ed25519 keys to age keys. This is useful for usage in sops-nix and sops

Update-java-ca-certificates - Small utility to convert the system trust store to a system Java KeyStore

CVE-2021-4034 - A Golang implementation of clubby789's implementation of CVE-2021-4034

A probably paranoid Golang utility library for securely hashing and encrypting passwords based on the Dropbox method. This implementation uses Blake2b, Scrypt and XSalsa20-Poly1305 (via NaCl SecretBox) to create secure password hashes that are also encrypted using a master passphrase.

PHP functions implementation to Golang. This package is for the Go beginners who have developed PHP code before. You can use PHP like functions in your app, module etc. when you add this module to your project.

Golang implementation of ECVRF-EDWARDS25519-SHA512-TAI, a verifiable random function described in draft-irtf-cfrg-vrf-10.

This repo contains golang implementation of common DSA problems

Kerberoasting attack implementation in Golang using go-ldap and gokrb5

Related tags

FunctionStomping (using golang) : A new shellcode injection technique.

Go binary that finds .EXEs and .DLLs on the system that don't have security controls enabled

In 'n Out - See what goes in and comes out of PEs/DLLs

Based on user32.dll, go language is implemented to call function MessageBoxW of Windows platform

pe -> shellcode -> shellcodeLoader -> (pe2shellcode - go on?)

Shellcode-bypass-go - Go语言免杀shellcode

Demo of process injection, using Nt, direct syscall, etc.

Confluence OGNL Injection [CVE-2021-26084].

CVE-2021-26084 - Confluence Server Webwork OGNL injection (Pre-Auth RCE)

Proof-of-Concept tool for CVE-2021-29156, an LDAP injection vulnerability in ForgeRock OpenAM v13.0.0.