Like the best-selling Black Hat Python, Black Hat Go explores the darker side of the popular Go programming language. This collection of short scripts will help you test your systems, build and automate tools to fit your needs, and improve your offensive security skillset.
Black Hat Go: Go Programming For Hackers And Pentesters
Scribed by Tom Steele, Chris Patten, Dan Kottmann
- Publisher: No Starch Press
- Year: 2020
- Tongue: English
- Leaves: 370
- Edition: 1st Edition
- Category: Library
Table of Contents
Brief Contents
Contents in Detail
Foreword
Acknowledgments
Introduction
What This Book Isn't
Why You Might Not Love Go
Chapter Overview
Setting Up a Development Environment
Setting GOPATH to Determine the Location of Your Go Workspace
Choosing an Integrated Development Environment
Using Common Go Tool Commands
Data Types
Control Structures
Concurrency
Error Handling
Handling Structured Data
Summary
Chapter 2: TCP, Scanners, and Proxies
Understanding the TCP Handshake
Writing a TCP Scanner
Testing for Port Availability
Performing Nonconcurrent Scanning
Performing Concurrent Scanning
Using io.Reader and io.Writer
Creating the Echo Server
Improving the Code by Creating a Buffered Listener
Proxying a TCP Client
Replicating Netcat for Command Execution
Summary
Chapter 3: HTTP Clients and Remote Interaction with Tools
Calling HTTP APIs
Using Structured Response Parsing
Reviewing the Steps for Building an API Client
Designing the Project Structure
Cleaning Up API Calls
Querying Your Shodan Subscription
Creating a Client
Setting Up Your Environment
Defining Your Objective
Retrieving a Valid Token
Defining Request and Response Methods
Performing Remote Calls
Creating a Utility Program
Parsing Document Metadata with Bing Scraping
Setting Up the Environment and Planning
Defining the metadata Package
Mapping the Data to Structs
Searching and Receiving Files with Bing
Summary
Chapter 4: HTTP Servers, Routing, and Middleware
Building a Simple Server
Building a Simple Router
Building Simple Middleware
Routing with the gorilla/mux Package
Building Middleware with Negroni
Adding Authentication with Negroni
Using Templates to Produce HTML Responses
Credential Harvesting
Keylogging with the WebSocket API
Multiplexing Command-and-Control
Summary
Chapter 5: Exploiting DNS
Retrieving A Records
Processing Answers from a Msg struct
Enumerating Subdomains
Writing DNS Servers
Lab Setup and Server Introduction
Creating DNS Server and Proxy
Summary
Chapter 6: Interacting with SMB and NTLM
Understanding SMB
Understanding SMB Security Tokens
Setting Up an SMB Session
Using Mixed Encoding of Struct Fields
Understanding Metadata and Referential Fields
Understanding the SMB Implementation
Guessing Passwords with SMB
Reusing Passwords with the Pass-the-Hash Technique
Recovering the NTLM Hash
Summary
Chapter 7: Abusing Databases and Filesystems
Installing and Seeding MongoDB
Installing and Seeding PostgreSQL and MySQL Databases
Installing and Seeding Microsoft SQL Server Databases
Querying MongoDB
Querying SQL Databases
Building a Database Miner
Implementing a MongoDB Database Miner
Implementing a MySQL Database Miner
Pillaging a Filesystem
Summary
Chapter 8: Raw Packet Processing
Identifying Devices by Using the pcap Subpackage
Live Capturing and Filtering Results
Sniffing and Displaying Cleartext User Credentials
Checking TCP Flags
Building the BPF Filter
Writing the Port Scanner
Summary
Chapter 9: Writing and Porting Exploit Code
Buffer Overflow Fuzzing
SQL Injection Fuzzing
Porting Exploits to Go
Porting an Exploit from Python
Porting an Exploit from C
C Transform
Num Transform
Base64 Encoding
Summary
Chapter 10: Go Plugins and Extendable Tools
Using Go's Native Plug-in System
Creating the Main Program
Building a Password-Guessing Plug-in
Running the Scanner
Building Plug-ins in Lua
Creating the head() HTTP Function
Creating the get() Function
Registering the Functions with the Lua VM
Writing Your Main Function
Creating Your Plug-in Script
Summary
Chapter 11: Implementing and Attacking Cryptography
Reviewing Basic Cryptography Concepts
Exploring Hashing
Cracking an MD5 or SHA-256 Hash
Implementing bcrypt
Authenticating Messages
Symmetric-Key Encryption
Asymmetric Cryptography
Getting Started
Producing Work
Performing Work and Decrypting Data
Writing the Main Function
Running the Program
Summary
The Windows API's OpenProcess() Function
The unsafe.Pointer and uintptr Types
Performing Process Injection with the syscall Package
Defining the Windows DLLs and Assigning Variables
Obtaining a Process Token with the OpenProcess Windows API
Manipulating Memory with the VirtualAllocEx Windows API
Writing to Memory with the WriteProcessMemory Windows API
Executing the Malicious DLL Using the CreateRemoteThread Windows API
Verifying Injection with the WaitforSingleObject Windows API
Cleaning Up with the VirtualFreeEx Windows API
Additional Exercises
Understanding the PE File Format
Writing a PE Parser
Additional Exercises
Creating a Message Box Using C and the Windows API
Building Go into C
Summary
Chapter 13: Hiding Data with Steganography
The Header
The Chunk Sequence
Reading the Header Data
Reading the Chunk Sequence
Writing Bytes with the ProcessImage() Method
Encoding and Decoding Image Byte Data by Using XOR
Additional Exercises
Chapter 14: Building a Command-and-Control RAT
Installing Protocol Buffers for Defining a gRPC API
Defining and Building the gRPC API
Implementing the Protocol Interface
Writing the main() Function
Creating the Client Implant
Building the Admin Component
Improving the RAT
Register the Implants
Support Multiple Implants
Add ASCII Art
Summary
Index
Subjects
Penetration Testing: Computer Security, Go: Computer Program Language
SIMILAR VOLUMES
Black Hat Go explores the darker side of Go, the popular programming language revered by hackers for its simplicity, efficiency, and reliability. It provides an arsenal of practical tactics from the perspective of security practitioners and hackers to help you test your systems, build and automate t
Like the best-selling Black Hat Python, Black Hat Go explores the darker side of the popular Go programming language. This collection of short scripts will help you test your systems, build and automate tools to fit your needs, and improve your offensive security skillset. Black Hat Go explores t
Fully-updated, second edition of this worldwide bestseller with over 100,000 copies sold. When it comes to creating powerful and effective hacking tools, Python is the language of choice for most security analysts. In Black Hat Python, you'll explore the darker side of Python's capa
When it comes to creating powerful and effective hacking tools, Python is the language of choice for most security analysts. But just how does the magic happen? In Black Hat Python, the latest from Justin Seitz (author of the best-selling Gray Hat Python), you'll explore the darker side of Python's