stager

Question

stager

sec13b opened this issue 5 months ago · comments

hi , i try generate payloads with CB , both Stager and Stageless , after click open the calc.exe dont show on listener.
GOOS=windows GOARCH=amd64 go build -o output/stager.exe template/main.go
GOOS=windows GOARCH=amd64 go build -o output/stageless.exe template/main.go
av show 1/26 Malwarebytes Anti-Malware Malware.AI , (False)

work only with shellcode from msf ?

3santree · Answer 1 · Tue Feb 13 2024 04:08:52 GMT+0800 (China Standard Time)

Is CB another payload generate like msf?
My code use go-shellcode as example to run the shellcode in the memory for windows. As long as the shellcode is legit, it should run.
If you wanna test the shellcode, run that using go-shellcode first, to make sure the shellcode is legit. If the shellcode is in fact good to run, there's must be my code's issue, probobly during encrypt/decrypting, that I have to debug.
Waiting for your response.

Sec13B · Answer 2 · Tue Feb 13 2024 08:09:24 GMT+0800 (China Standard Time)

cb- cobal strike .

can you test with cobalt strike , please

3santree · Answer 3 · Tue Feb 13 2024 23:38:41 GMT+0800 (China Standard Time)

I don't have cobal strike and I can't test it for you.
Go through the go-shellcode and replace the shellcode with yours and see if it runs.

Sec13B · Answer 4 · Tue Feb 13 2024 23:55:10 GMT+0800 (China Standard Time)

i will test , i like your work AV show 1/26 Malwarebytes AI , (False) , also the msf work better.
i used the public version shared by Pwn3rzs