In this article, I will show you basic stagers for Metasploit Framework written in Go. We will create Windows binary files that will use staging protocol to connect to the MSF listener. The idea behind creating our dropper is pretty simple - we want to avoid detection. Anti Virus software is instantly detecting and blocking default Metasploit stagers.
Why Go? Go is a simple and efficient programming language. It has a rich standard library, can be easily cross-compiled for different operating systems and platforms.
Some time ago, I stumbled upon Hershell a multi-platform reverse shell written in Go. Unfortunately, it was marked as malicious by our corporate antivirus solution.
As an exercise, I decided to create my version of the Golang multi-platform reverse-shell based on the Hershell code. There are some features I would like to have: reverse-shell should compile easily for different platforms: Windows, Linux, macOS for both x86 and x64 architectures.
The program needs to encrypt data in transit and should have some protection from connecting to any listener.