Black Hat Go: Go Programming For Hackers and Pentesters

Brief Contents
Contents in Detail
Foreword
Acknowledgments
Introduction
	Who This Book Is For
	What This Book Isn’t
	Why Use Go for Hacking?
	Why You Might Not Love Go
	Chapter Overview
Chapter 1: Go Fundamentals
	Setting Up a Development Environment
		Downloading and Installing Go
		Setting GOROOT to Define the Go Binary Location
		Setting GOPATH to Determine the Location of Your Go Workspace
		Choosing an Integrated Development Environment
		Using Common Go Tool Commands
	Understanding Go Syntax
		Data Types
		Control Structures
		Concurrency
		Error Handling
		Handling Structured Data
	Summary
Chapter 2: TCP, Scanners, and Proxies
	Understanding the TCP Handshake
	Bypassing Firewalls with Port Forwarding
	Writing a TCP Scanner
		Testing for Port Availability
		Performing Nonconcurrent Scanning
		Performing Concurrent Scanning
	Building a TCP Proxy
		Using io.Reader and io.Writer
		Creating the Echo Server
		Improving the Code by Creating a Buffered Listener
		Proxying a TCP Client 
		Replicating Netcat for Command Execution 
	Summary
Chapter 3: HTTP Clients and Remote Interaction with Tools
	HTTP Fundamentals with Go
		Calling HTTP APIs
		Generating a Request
		Using Structured Response Parsing
	Building an HTTP Client That Interacts with Shodan
		Reviewing the Steps for Building an API Client
		Designing the Project Structure
		Cleaning Up API Calls
		Querying Your Shodan Subscription
		Creating a Client
	Interacting with Metasploit
		Setting Up Your Environment
		Defining Your Objective
		Retrieving a Valid Token
		Defining Request and Response Methods
		Creating a Configuration Struct and an RPC Method
		Performing Remote Calls
		Creating a Utility Program
	Parsing Document Metadata with Bing Scraping
		Setting Up the Environment and Planning
		Defining the metadata Package
		Mapping the Data to Structs
		Searching and Receiving Files with Bing
	Summary
Chapter 4: HTTP Servers, Routing, and Middleware
	HTTP Server Basics
		Building a Simple Server
		Building a Simple Router
		Building Simple Middleware
		Routing with the gorilla/mux Package
		Building Middleware with Negroni
		Adding Authentication with Negroni
		Using Templates to Produce HTML Responses
	Credential Harvesting
	Keylogging with the WebSocket API
	Multiplexing Command-and-Control
	Summary
Chapter 5: Exploiting DNS
	Writing DNS Clients
		Retrieving A Records
		Processing Answers from a Msg struct
		Enumerating Subdomains
	Writing DNS Servers
		Lab Setup and Server Introduction
		Creating DNS Server and Proxy
	Summary
Chapter 6: Interacting with SMB and NTLM
	The SMB Package
	Understanding SMB
		Understanding SMB Security Tokens
		Setting Up an SMB Session
		Using Mixed Encoding of Struct Fields
		Understanding Metadata and Referential Fields
		Understanding the SMB Implementation
	Guessing Passwords with SMB
	Reusing Passwords with the Pass-the-Hash Technique
	Recovering NTLM Passwords
		Calculating the Hash
		Recovering the NTLM Hash
	Summary
Chapter 7: Abusing Databases and Filesystems
	Setting Up Databases with Docker
		Installing and Seeding MongoDB
		Installing and Seeding PostgreSQL and MySQL Databases
		Installing and Seeding Microsoft SQL Server Databases
	Connecting and Querying Databases in Go
		Querying MongoDB
		Querying SQL Databases
	Building a Database Miner
		Implementing a MongoDB Database Miner
		Implementing a MySQL Database Miner
	Pillaging a Filesystem
	Summary
Chapter 8: Raw Packet Processing
	Setting Up Your Environment
	Identifying Devices by Using the pcap Subpackage
	Live Capturing and Filtering Results
	Sniffing and Displaying Cleartext User Credentials
	Port Scanning Through SYN-flood Protections
		Checking TCP Flags
		Building the BPF Filter
		Writing the Port Scanner
	Summary
Chapter 9: Writing and Porting Exploit Code
	Creating a Fuzzer
		Buffer Overflow Fuzzing
		SQL Injection Fuzzing
	Porting Exploits to Go
		Porting an Exploit from Python
		Porting an Exploit from C
	Creating Shellcode in Go
		C Transform
		Hex Transform
		Num Transform
		Raw Transform
		Base64 Encoding
		A Note on Assembly
	Summary
Chapter 10: Go Plugins and Extendable Tools
	Using Go’s Native Plug-in System
		Creating the Main Program
		Building a Password-Guessing Plug-in
		Running the Scanner
	Building Plug-ins in Lua
		Creating the head() HTTP Function
		Creating the get() Function
		Registering the Functions with the Lua VM
		Writing Your Main Function
		Creating Your Plug-in Script
		Testing the Lua Plug-in
	Summary
Chapter 11: Implementing and Attacking Cryptography
	Reviewing Basic Cryptography Concepts
	Understanding the Standard Crypto Library
	Exploring Hashing
		Cracking an MD5 or SHA-256 Hash
		Implementing bcrypt
	Authenticating Messages
	Encrypting Data
		Symmetric-Key Encryption
		Asymmetric Cryptography
	Brute-Forcing RC2
		Getting Started
		Producing Work
		Performing Work and Decrypting Data
		Writing the Main Function
		Running the Program
	Summary
Chapter 12: Windows System Interaction and Analysis
	The Windows API’s OpenProcess() Function
	The unsafe.Pointer and uintptr Types
	Performing Process Injection with the syscall Package
		Defining the Windows DLLs and Assigning Variables
		Obtaining a Process Token with the OpenProcess Windows API
		Manipulating Memory with the VirtualAllocEx Windows API
		Writing to Memory with the WriteProcessMemory Windows API
		Finding LoadLibraryA with the GetProcessAddress Windows API
		Executing the Malicious DLL Using the CreateRemoteThread Windows API
		Verifying Injection with the WaitforSingleObject Windows API
		Cleaning Up with the VirtualFreeEx Windows API
		Additional Exercises
	The Portable Executable File
		Understanding the PE File Format
		Writing a PE Parser
		Additional Exercises
	Using C with Go
		Installing a C Windows Toolchain
		Creating a Message Box Using C and the Windows API
		Building Go into C
	Summary
Chapter 13: Hiding Data with Steganography
	Exploring the PNG Format
		The Header
		The Chunk Sequence
	Reading Image Byte Data
		Reading the Header Data
		Reading the Chunk Sequence
	Writing Image Byte Data to Implant a Payload
		Locating a Chunk Offset
		Writing Bytes with the ProcessImage() Method
	Encoding and Decoding Image Byte Data by Using XOR
	Summary
	Additional Exercises
Chapter 14: Building a Command-and-Control RAT
	Getting Started
		Installing Protocol Buffers for Defining a gRPC API
		Creating the Project Workspace
	Defining and Building the gRPC API
	Creating the Server
		Implementing the Protocol Interface
		Writing the main() Function
	Creating the Client Implant
	Building the Admin Component
	Running the RAT
	Improving the RAT
		Encrypt Your Communications
		Handle Connection Disruptions
		Register the Implants
		Add Database Persistence
		Support Multiple Implants
		Add Implant Functionality
		Chain Operating System Commands
		Enhance the Implant’s Authenticity and Practice Good OPSEC
		Add ASCII Art
	Summary
Index
Blank Page