
dumpst3rfir3/youGOtserved


You GOt Served

This tool was developed for red team or other security testing purposes. It will simply take a shellcode (e.g., .bin) file, obfuscate the shellcode using Babble, and then build a Windows service executable that can run the shellcode. The service executable can also take arguments to install, start, stop, or remove the Windows service.

When the service executable runs, it decodes the shellcode (in place, in memory) and executes it using VirtualAlloc/RtlCopyMemory/VirtualProtect/CreateThread. The service executable is also built with customizable Windows Version Info to make it appear more like a "real" DLL.

There's probably a lot that could be cleaned up, hopefully I will get to it eventually - but for now, this works.

Prerequisites

Go

Usage

This tool was designed to be used on Linux.

First, edit the versioninfo.template file in the goSvc directory, if desired. You can add your own description, company/copyright info, etc.

Then, from the root directory of the repository, run the generator script:

./generate_service_exe.sh /path/to/your/payload.bin [service_name]

If the optional second parameter is passed, it will be used as the name of the Windows service that gets created, as well as the name of the service executable itself. If no service name is passed, the default "youGOtserved" name will be used.

Once the service executable is created, you can drop it on a Windows machine and use the following commands:

# install the service that will use the executable 
# NOTE: the service bin path will be the current path of the executable when it's run
.\youGOtserved.exe install

# start the service
.\youGOtserved.exe start

# stop the service (which doesn't seem to work often when shellcode is running)
.\youGOtserved.exe stop

# Remove (delete) the service
.\youGOtserved.exe remove

Of course, you can install, start, stop, or delete the service using the usual Windows methods as well (sc.exe, New-Service, etc.).
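Because the service bin path is wherever the executable was sitting when `install` ran, the resulting service-install record (Service Control Manager event ID 7045 in the Windows System log) is a useful review point for defenders. The following is an added example, not code from this repository: the `ServiceInstall` struct, the `Review` function, the directory watch list and the sample records are all assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// ServiceInstall holds fields of a Service Control Manager event 7045
// ("A service was installed in the system") from the Windows System log.
type ServiceInstall struct {
	ServiceName, ImagePath, Account string
}

// Assumed watch list of user-writable locations; tune it per environment.
var writableDirs = []string{`\users\`, `\programdata\`, `\windows\temp\`}

// Review returns the reasons a service install deserves analyst attention.
func Review(ev ServiceInstall) []string {
	var reasons []string
	// Default service name from this README; a weak indicator on its own.
	if strings.EqualFold(ev.ServiceName, "youGOtserved") {
		reasons = append(reasons, "default youGOtserved service name")
	}
	path, inWritable := strings.ToLower(ev.ImagePath), false
	for _, d := range writableDirs {
		if strings.Contains(path, d) {
			reasons = append(reasons, "service binary under "+d)
			inWritable = true
		}
	}
	if inWritable && strings.EqualFold(ev.Account, "LocalSystem") {
		reasons = append(reasons, "runs as LocalSystem from a writable path")
	}
	return reasons
}

func main() {
	// Constructed sample records, not taken from a real host.
	events := []ServiceInstall{
		{"youGOtserved", `C:\Users\Public\youGOtserved.exe`, "LocalSystem"},
		{"UpdaterSvc", `"C:\ProgramData\upd\UpdaterSvc.exe"`, "LocalSystem"},
		{"Spooler", `C:\Windows\System32\spoolsv.exe`, "LocalSystem"},
	}
	for _, ev := range events {
		if r := Review(ev); len(r) > 0 {
			fmt.Printf("REVIEW %s (%s): %s\n", ev.ServiceName, ev.ImagePath, strings.Join(r, "; "))
		}
	}
}
```
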

Credit

These great libraries were used in the code:

...and I shamelessly copied code from the Windows service examples provided by the Go project, as well as CreateThread code from this project:

About

Simple Windows service executable, written in Go, that executes shellcode that has been obfuscated with Babble.
