Black Hat Go explores the darker side of Go, the popular programming language revered by hackers for its simplicity, efficiency, and reliability. It provides an arsenal of practical tactics from the perspective of security practitioners and hackers to help you test your systems, build and automate tools to fit your needs, and improve your offensive security skillset, all using the power of Go. You’ll begin your journey with a basic overview of Go’s syntax and philosophy and then start to explore examples that you can leverage for tool development, including common network protocols like HTTP, DNS, and SMB. You’ll then dig into various tactics and problems that penetration testers encounter, addressing things like data pilfering, packet sniffing, and exploit development. You’ll create dynamic, pluggable tools before diving into cryptography, attacking Microsoft Windows, and implementing steganography. You'll Learn how to: • Make performant tools that can be used for your own security projects • Create usable tools that interact with remote APIs • Scrape arbitrary HTML data • Use Go’s standard package, net/http, for building HTTP servers • Write your own DNS server and proxy • Use DNS tunneling to establish a C2 channel out of a restrictive network • Create a vulnerability fuzzer to discover an application’s security weaknesses • Use plug-ins and extensions to future-proof products • Use plug-ins and extensions to future-proof products • Build an RC2 symmetric-key brute-forcer • Implant data within a Portable Network Graphics (PNG) image Are you ready to add to your arsenal of security tools? Then let’s Go! Brief Contents......Page 9 Contents in Detail......Page 11 Foreword......Page 17 Acknowledgments......Page 19 Introduction......Page 21 What This Book Isn’t......Page 22 Why You Might Not Love Go......Page 23 Chapter Overview......Page 24 Setting Up a Development Environment......Page 29 Setting GOPATH to Determine the Location of Your Go Workspace......Page 30 Choosing an Integrated Development Environment......Page 31 Using Common Go Tool Commands......Page 34 Data Types......Page 38 Control Structures......Page 42 Concurrency......Page 44 Error Handling......Page 45 Handling Structured Data......Page 46 Summary......Page 48 Chapter 2: TCP, Scanners, and Proxies......Page 49 Understanding the TCP Handshake......Page 50 Writing a TCP Scanner......Page 51 Testing for Port Availability......Page 52 Performing Nonconcurrent Scanning......Page 53 Performing Concurrent Scanning......Page 54 Using io.Reader and io.Writer......Page 60 Creating the Echo Server......Page 63 Improving the Code by Creating a Buffered Listener......Page 65 Proxying a TCP Client ......Page 67 Replicating Netcat for Command Execution ......Page 68 Summary......Page 72 Chapter 3: HTTP Clients and Remote Interaction with Tools......Page 73 Calling HTTP APIs......Page 74 Using Structured Response Parsing......Page 76 Reviewing the Steps for Building an API Client......Page 79 Designing the Project Structure......Page 80 Cleaning Up API Calls......Page 81 Querying Your Shodan Subscription......Page 82 Creating a Client......Page 86 Setting Up Your Environment......Page 87 Defining Your Objective......Page 89 Retrieving a Valid Token......Page 90 Defining Request and Response Methods......Page 91 Performing Remote Calls......Page 92 Creating a Utility Program......Page 95 Parsing Document Metadata with Bing Scraping......Page 96 Setting Up the Environment and Planning......Page 97 Defining the metadata Package......Page 99 Mapping the Data to Structs......Page 100 Searching and Receiving Files with Bing......Page 101 Summary......Page 104 Chapter 4: HTTP Servers, Routing, and Middleware......Page 105 Building a Simple Server......Page 106 Building a Simple Router......Page 107 Building Simple Middleware......Page 108 Routing with the gorilla/mux Package......Page 109 Building Middleware with Negroni......Page 111 Adding Authentication with Negroni......Page 114 Using Templates to Produce HTML Responses......Page 116 Credential Harvesting......Page 118 Keylogging with the WebSocket API......Page 121 Multiplexing Command-and-Control......Page 126 Summary......Page 130 Chapter 5: Exploiting DNS......Page 131 Retrieving A Records......Page 132 Processing Answers from a Msg struct......Page 134 Enumerating Subdomains......Page 135 Writing DNS Servers......Page 145 Lab Setup and Server Introduction......Page 146 Creating DNS Server and Proxy......Page 149 Summary......Page 158 Chapter 6: Interacting with SMB and NTLM......Page 159 Understanding SMB......Page 160 Understanding SMB Security Tokens......Page 161 Setting Up an SMB Session......Page 162 Using Mixed Encoding of Struct Fields......Page 163 Understanding Metadata and Referential Fields......Page 166 Understanding the SMB Implementation......Page 167 Guessing Passwords with SMB......Page 174 Reusing Passwords with the Pass-the-Hash Technique......Page 175 Recovering the NTLM Hash......Page 178 Summary......Page 179 Chapter 7: Abusing Databases and Filesystems......Page 181 Installing and Seeding MongoDB......Page 182 Installing and Seeding PostgreSQL and MySQL Databases......Page 184 Installing and Seeding Microsoft SQL Server Databases......Page 185 Querying MongoDB......Page 186 Querying SQL Databases......Page 188 Building a Database Miner......Page 189 Implementing a MongoDB Database Miner......Page 192 Implementing a MySQL Database Miner......Page 194 Pillaging a Filesystem......Page 198 Summary......Page 200 Chapter 8: Raw Packet Processing......Page 201 Identifying Devices by Using the pcap Subpackage......Page 202 Live Capturing and Filtering Results......Page 203 Sniffing and Displaying Cleartext User Credentials......Page 206 Checking TCP Flags......Page 208 Building the BPF Filter......Page 209 Writing the Port Scanner......Page 210 Summary......Page 213 Chapter 9: Writing and Porting Exploit Code......Page 215 Buffer Overflow Fuzzing......Page 216 SQL Injection Fuzzing......Page 220 Porting Exploits to Go......Page 224 Porting an Exploit from Python......Page 225 Porting an Exploit from C......Page 229 C Transform......Page 241 Num Transform......Page 242 Base64 Encoding......Page 243 Summary......Page 244 Chapter 10: Go Plugins and Extendable Tools......Page 245 Using Go’s Native Plug-in System......Page 246 Creating the Main Program......Page 247 Building a Password-Guessing Plug-in......Page 250 Running the Scanner......Page 252 Building Plug-ins in Lua......Page 253 Creating the head() HTTP Function......Page 254 Creating the get() Function......Page 255 Registering the Functions with the Lua VM......Page 257 Writing Your Main Function......Page 258 Creating Your Plug-in Script......Page 259 Summary......Page 260 Chapter 11: Implementing and Attacking Cryptography......Page 261 Reviewing Basic Cryptography Concepts......Page 262 Exploring Hashing......Page 263 Cracking an MD5 or SHA-256 Hash......Page 264 Implementing bcrypt......Page 265 Authenticating Messages......Page 267 Symmetric-Key Encryption......Page 270 Asymmetric Cryptography......Page 273 Getting Started......Page 280 Producing Work......Page 283 Performing Work and Decrypting Data......Page 285 Writing the Main Function......Page 286 Running the Program......Page 288 Summary......Page 289 The Windows API’s OpenProcess() Function......Page 291 The unsafe.Pointer and uintptr Types......Page 294 Performing Process Injection with the syscall Package......Page 296 Defining the Windows DLLs and Assigning Variables......Page 298 Obtaining a Process Token with the OpenProcess Windows API......Page 299 Manipulating Memory with the VirtualAllocEx Windows API......Page 301 Writing to Memory with the WriteProcessMemory Windows API......Page 302 Executing the Malicious DLL Using the CreateRemoteThread Windows API......Page 303 Verifying Injection with the WaitforSingleObject Windows API......Page 304 Cleaning Up with the VirtualFreeEx Windows API......Page 305 Additional Exercises......Page 306 Understanding the PE File Format......Page 307 Writing a PE Parser......Page 308 Additional Exercises......Page 317 Creating a Message Box Using C and the Windows API......Page 318 Building Go into C......Page 319 Summary......Page 321 Chapter 13: Hiding Data with Steganography......Page 323 The Header......Page 324 The Chunk Sequence......Page 325 Reading the Header Data......Page 326 Reading the Chunk Sequence......Page 327 Writing Bytes with the ProcessImage() Method......Page 330 Encoding and Decoding Image Byte Data by Using XOR......Page 335 Additional Exercises......Page 340 Chapter 14: Building a Command-and-Control RAT......Page 343 Installing Protocol Buffers for Defining a gRPC API......Page 344 Defining and Building the gRPC API......Page 345 Implementing the Protocol Interface......Page 347 Writing the main() Function......Page 350 Creating the Client Implant......Page 351 Building the Admin Component......Page 353 Improving the RAT......Page 354 Register the Implants......Page 355 Support Multiple Implants......Page 356 Add ASCII Art......Page 357 Summary......Page 358 Index......Page 359 Blank Page......Page 2 Like the best-selling Black Hat Python , Black Hat Go explores the darker side of the popular Go programming language. This collection of short scripts will help you test your systems, build and automate tools to fit your needs, and improve your offensive security skillset. Black Hat Go explores the darker side of Go, the popular programming language revered by hackers for its simplicity, efficiency, and reliability. It provides an arsenal of practical tactics from the perspective of security practitioners and hackers to help you test your systems, build and automate tools to fit your needs, and improve your offensive security skillset, all using the power of Go. You'll begin your journey with a basic overview of Go's syntax and philosophy and then start to explore examples that you can leverage for tool development, including common network protocols like HTTP, DNS, and SMB. You'll then dig into various tactics and problems that penetration testers encounter, addressing things like data pilfering, packet sniffing, and exploit development. You'll create dynamic, pluggable tools before diving into cryptography, attacking Microsoft Windows, and implementing steganography. You'll learn how to: Make performant tools that can be used for your own security projects Create usable tools that interact with remote APIs Scrape arbitrary HTML data Use Go's standard package, net/http, for building HTTP servers Write your own DNS server and proxy Use DNS tunneling to establish a C2 channel out of a restrictive network Create a vulnerability fuzzer to discover an application's security weaknesses Use plug-ins and extensions to future-proof productsBuild an RC2 symmetric-key brute-forcer Implant data within a Portable Network Graphics (PNG) image. Are you ready to add to your arsenal of security tools? Then let's Go! "A guide to Go that begins by introducing fundamentals like data types, control structures, and error handling. Provides instruction on how to use Go for tasks such as sniffing and processing packets, creating HTTP clients, and writing exploits."-- Provided by publisher