Simple generator of Go DLL shellcode loader, with shellcode obfuscated using Babble.

dumpst3rfir3/johnny_dllaze

Johnny DLLaze, GOst Writer

This tool was developed for red team or other security testing purposes. It will simply take a shellcode (e.g., .bin) file, obfuscate the shellcode using Babble, and then build a DLL (written in Go) that decodes the shellcode (in place, in memory) and executes it using VirtualAlloc/RtlCopyMemory/VirtualProtect/CreateThread. The DLL is also built with customizable Windows Version Info to make it appear more like a "real" DLL.

Additionally, thanks to ineffectivecoder, this tool now also generates a "bring your own sideload" executable (goader.exe) that can be used to load the DLL (which will execute the shellcode) by simply placing the DLL in the same directory as goader. Furthermore, the tool can optionally create an ISO file with both goader and the DLL (which will be given the hidden attribute within the ISO so that, by default, it won't be viewable in Windows) that can be used for social engineering attack tests.

Prerequisites

go
mingw-w64-gcc
cdrtools
# cdrtools is needed for mkisofs, only if using the option to
# create the iso

Usage

This tool was designed to be used in Linux.

First, edit the versioninfo.json file in the goDLL directory, if desired. You can add your own description, company/copyright info, etc.

Then, from the root directory of the repository, run:

./generate_payload.sh /path/to/your/payload.bin [output_dll_filename.dll] [output_iso_filename.iso]

If the optional second parameter is passed, that will be used as the output filename for the DLL. Otherwise, it will be named updater.dll. Once it's built, it can be executed with regsvr32, rundll32 (Main, DllRegisterServer, and DllUnRegisterServer are all exported), or sideload (e.g., with goader.exe).

If the optional third parameter is passed, that will be used as the output filename for the ISO image. Otherwise, no ISO file will be created.

All output files, including the DLL, the goader.exe file for sideloading, and the optional ISO file, will be located in the payloads directory.
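
For defenders reviewing process-creation telemetry, the execution paths named above (regsvr32, or rundll32 with the Main, DllRegisterServer and DllUnRegisterServer exports) can be triaged with a check like the following. This is an added example, not code from this repository: the `Triage` helper is hypothetical, the sample command lines are constructed, and treating `C:\Windows\` as the only expected location for system DLLs is an assumption.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Export names the README lists for the generated DLL, lower-cased for matching.
var readmeExports = map[string]bool{"main": true, "dllregisterserver": true, "dllunregisterserver": true}

// argRe matches one command-line argument, keeping quoted runs together.
var argRe = regexp.MustCompile(`(?:"[^"]*"|[^\s"])+`)

// Triage (hypothetical helper) returns review reasons for one command line, or nil.
func Triage(cmdline string) []string {
	args := argRe.FindAllString(cmdline, -1)
	if len(args) == 0 {
		return nil
	}
	image := strings.ToLower(strings.ReplaceAll(args[0], `"`, ""))
	image = strings.TrimSuffix(image[strings.LastIndexAny(image, `\/`)+1:], ".exe")
	if image != "rundll32" && image != "regsvr32" {
		return nil
	}
	var reasons []string
	for _, a := range args[1:] {
		if strings.HasPrefix(a, "/") {
			continue // switch such as regsvr32 /s
		}
		path, export, _ := strings.Cut(strings.ReplaceAll(a, `"`, ""), ",")
		// Assumption: a DLL with an explicit directory should live under C:\Windows\.
		if p := strings.ToLower(path); strings.ContainsAny(p, `\/`) && !strings.HasPrefix(p, `c:\windows\`) {
			reasons = append(reasons, "DLL loaded from outside C:\\Windows: "+path)
		}
		if image == "rundll32" && readmeExports[strings.ToLower(export)] {
			reasons = append(reasons, "rundll32 invoking export "+export)
		}
		break // the first non-switch argument names the DLL
	}
	return reasons
}

func main() {
	// Constructed sample command lines, not real telemetry.
	for _, c := range []string{`rundll32.exe E:\updater.dll,Main`, `regsvr32.exe /s "C:\Users\Public\updater.dll"`} {
		fmt.Printf("%s -> %q\n", c, Triage(c))
	}
}
```

Export names are matched case-insensitively so the standard `DllUnregisterServer` spelling is caught as well; results are leads for an analyst, since legitimate software also registers DLLs from outside `C:\Windows`.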

Credit

All the goader sideloader and ISO creation code was written and contributed by ineffectivecoder. Special shout out to mjwhitta for all of his help, especially the arTTY logo used in the generator script.

These great libraries were used in the code:

...and I shamelessly copied code from these sources:
