Credit zaneGittins & Ne0nd0g

Never scan these exploits on public scanners.

This tool is created after combining online go injectors and some custom code.

---

Injection can be performed in following

1. CreateFiber
2. CreateProcess
3. CreateProcessWithPipe
4. CreateRemoteThread
5. CreateRemoteThreadNative
6. CreateThread
7. CreateThreadNative
8. EarlyBird
9. EnumerateLoadedModules
10. EtwpCreateEtwThread
11. NtQueueApcThreadEx-Local
12. RtlCreateUserThread
13. Syscall
14. UuidFromString

---

Stuff Needed

1. An independent HEX Code.
2. GO-LANG Installed in System.
3. Some basic Go-Lang knowlodge
4. Packeges of this repo installed // go get ....

---

Usage

1. At first put donut.exe(donut.exe), pe2hex.exe(pe2hex.exe) and your payload in same folder.
2. Start donut.exe -f {{your_payload}} // It will create independet payload.bin binary.
3. Start pe2hex.exe -h {{payload.bin}} //It will create an independent hex.txt which is hex code.
4. Use this HEX code in go lang file update already existing hex code.
5. Run the file. Using Go run {file.go}

References

• https://blog.sunggwanchoi.com/eng-uuid-shellcode-execution/
• https://github.com/Adepts-Of-0xCC/VBA-macro-experiments/blob/main/EDRHookDetector.vba
• https://github.com/brimstone/go-shellcode
• https://github.com/sysdream/hershell
• https://github.com/yoda66/MalwareDevTalk
• https://labs.jumpsec.com/2019/06/20/bypassing-antivirus-with-golang-gopher-it/
• https://medium.com/@justen.walker/breaking-all-the-rules-using-go-to-call-windows-api-2cbfd8c79724
• https://posts.specterops.io/adventures-in-dynamic-evasion-1fe0bac57aa
• https://research.nccgroup.com/2021/01/23/rift-analysing-a-lazarus-shellcode-execution-method/
• https://www.ired.team/offensive-security/code-injection-process-injection/apc-queue-code-injection
• https://github.com/abdullah2993/go-runpe