Black Hat Go: Go Programming for Hackers and Pentesters (2020) – Dan Kottmann

CONTENTS IN DETAIL
FOREWORD by HD Moore
ACKNOWLEDGMENTS
INTRODUCTION
Who This Book Is For
What This Book Isn’t
Why Use Go for Hacking?
Why You Might Not Love Go
Chapter Overview
1
GO FUNDAMENTALS
Setting Up a Development Environment
Downloading and Installing Go
Setting GOROOT to Define the Go Binary Location
Setting GOPATH to Determine the Location of Your Go Workspace
Choosing an Integrated Development Environment
Using Common Go Tool Commands
Understanding Go Syntax
Data Types
Control Structures
Concurrency
Error Handling
Handling Structured Data
Summary
2
TCP, SCANNERS, AND PROXIES
Understanding the TCP Handshake
Bypassing Firewalls with Port Forwarding
Writing a TCP Scanner
Testing for Port Availability
Performing Nonconcurrent Scanning
Performing Concurrent Scanning
Building a TCP Proxy
Using io.Reader and io.Writer
Creating the Echo Server
Improving the Code by Creating a Buffered Listener
Proxying a TCP Client
Replicating Netcat for Command Execution
Summary
3
HTTP CLIENTS AND REMOTE INTERACTION WITH TOOLS
HTTP Fundamentals with Go
Calling HTTP APIs
Generating a Request
Using Structured Response Parsing
Building an HTTP Client That Interacts with Shodan
Reviewing the Steps for Building an API Client
Designing the Project Structure
Cleaning Up API Calls
Querying Your Shodan Subscription
Creating a Client
Interacting with Metasploit
Setting Up Your Environment
Defining Your Objective
Retrieving a Valid Token
Defining Request and Response Methods
Creating a Configuration Struct and an RPC Method
Performing Remote Calls
Creating a Utility Program
Parsing Document Metadata with Bing Scraping
Setting Up the Environment and Planning
Defining the metadata Package
Mapping the Data to Structs
Searching and Receiving Files with Bing
Summary
4
HTTP SERVERS, ROUTING, AND MIDDLEWARE
HTTP Server Basics
Building a Simple Server
Building a Simple Router
Building Simple Middleware
Routing with the gorilla/mux Package
Building Middleware with Negroni
Adding Authentication with Negroni
Using Templates to Produce HTML Responses
Credential Harvesting
Keylogging with the WebSocket API
Multiplexing Command-and-Control
Summary
5
EXPLOITING DNS
Writing DNS Clients
Retrieving A Records
Processing Answers from a Msg struct
Enumerating Subdomains
Writing DNS Servers
Lab Setup and Server Introduction
Creating DNS Server and Proxy
Summary
6
INTERACTING WITH SMB AND NTLM
The SMB Package
Understanding SMB
Understanding SMB Security Tokens
Setting Up an SMB Session
Using Mixed Encoding of Struct Fields
Understanding Metadata and Referential Fields
Understanding the SMB Implementation
Guessing Passwords with SMB
Reusing Passwords with the Pass-the-Hash Technique
Recovering NTLM Passwords
Calculating the Hash
Recovering the NTLM Hash
Summary
7
ABUSING DATABASES AND FILESYSTEMS
Setting Up Databases with Docker
Installing and Seeding MongoDB
Installing and Seeding PostgreSQL and MySQL Databases
Installing and Seeding Microsoft SQL Server Databases
Connecting and Querying Databases in Go
Querying MongoDB
Querying SQL Databases
Building a Database Miner
Implementing a MongoDB Database Miner
Implementing a MySQL Database Miner
Pillaging a Filesystem
Summary
8
RAW PACKET PROCESSING
Setting Up Your Environment
Identifying Devices by Using the pcap Subpackage
Live Capturing and Filtering Results
Sniffing and Displaying Cleartext User Credentials
Port Scanning Through SYN-flood Protections
Checking TCP Flags
Building the BPF Filter
Writing the Port Scanner
Summary
9
WRITING AND PORTING EXPLOIT CODE
Creating a Fuzzer
Buffer Overflow Fuzzing
SQL Injection Fuzzing
Porting Exploits to Go
Porting an Exploit from Python
Porting an Exploit from C
Creating Shellcode in Go
C Transform
Hex Transform
Num Transform
Raw Transform
Base64 Encoding
A Note on Assembly
Summary
10
GO PLUGINS AND EXTENDABLE TOOLS
Using Go’s Native Plug-in System
Creating the Main Program
Building a Password-Guessing Plug-in
Running the Scanner
Building Plug-ins in Lua
Creating the head() HTTP Function
Creating the get() Function
Registering the Functions with the Lua VM
Writing Your Main Function
Creating Your Plug-in Script
Testing the Lua Plug-in
Summary
11
IMPLEMENTING AND ATTACKING CRYPTOGRAPHY
Reviewing Basic Cryptography Concepts
Understanding the Standard Crypto Library
Exploring Hashing
Cracking an MD5 or SHA-256 Hash
Implementing bcrypt
Authenticating Messages
Encrypting Data
Symmetric-Key Encryption
Asymmetric Cryptography
Brute-Forcing RC2
Getting Started
Producing Work
Performing Work and Decrypting Data
Writing the Main Function
Running the Program
Summary
12
WINDOWS SYSTEM INTERACTION AND ANALYSIS
The Windows API’s OpenProcess() Function
The unsafe.Pointer and uintptr Types
Performing Process Injection with the syscall Package
Defining the Windows DLLs and Assigning Variables
Obtaining a Process Token with the OpenProcess Windows API
Manipulating Memory with the VirtualAllocEx Windows API
Writing to Memory with the WriteProcessMemory Windows API
Finding LoadLibraryA with the GetProcessAddress Windows API
Executing the Malicious DLL Using the CreateRemoteThread Windows API
Verifying Injection with the WaitforSingleObject Windows API
Cleaning Up with the VirtualFreeEx Windows API
Additional Exercises
The Portable Executable File
Understanding the PE File Format
Writing a PE Parser
Additional Exercises
Using C with Go
Installing a C Windows Toolchain
Creating a Message Box Using C and the Windows API
Building Go into C
Summary
13
HIDING DATA WITH STEGANOGRAPHY
Exploring the PNG Format
The Header
The Chunk Sequence
Reading Image Byte Data
Reading the Header Data
Reading the Chunk Sequence
Writing Image Byte Data to Implant a Payload
Locating a Chunk Offset
Writing Bytes with the ProcessImage() Method
Encoding and Decoding Image Byte Data by Using XOR
Summary
Additional Exercises
14
BUILDING A COMMAND-AND-CONTROL RAT
Getting Started
Installing Protocol Buffers for Defining a gRPC API
Creating the Project Workspace
Defining and Building the gRPC API
Creating the Server
Implementing the Protocol Interface
Writing the main() Function
Creating the Client Implant
Building the Admin Component
Running the RAT
Improving the RAT
Encrypt Your Communications
Handle Connection Disruptions
Register the Implants
Add Database Persistence
Support Multiple Implants
Add Implant Functionality
Chain Operating System Commands
Enhance the Implant’s Authenticity and Practice Good OPSEC
Add ASCII Art
Summary
INDEX