Black Hat Go

Go Programming for Hackers and Pentesters

by Tom Steele, Chris Patten, and Dan Kottmann

February 2020, 368 pp.

ISBN-13:

9781593278656

Download Chapter 2: TCP, SCANNERS, AND PROXIES

Black Hat Go explores the darker side of Go, the popular programming language revered by hackers for its simplicity, efficiency, and reliability. It provides an arsenal of practical tactics from the perspective of security practitioners and hackers to help you test your systems, build and automate tools to fit your needs, and improve your offensive security skillset, all using the power of Go.

You’ll begin your journey with a basic overview of Go’s syntax and philosophy and then start to explore examples that you can leverage for tool development, including common network protocols like HTTP, DNS, and SMB. You’ll then dig into various tactics and problems that penetration testers encounter, addressing things like data pilfering, packet sniffing, and exploit development. You’ll create dynamic, pluggable tools before diving into cryptography, attacking Microsoft Windows, and implementing steganography.

You'll learn how to:

Make performant tools that can be used for your own security projects
Create usable tools that interact with remote APIs
Scrape arbitrary HTML data
Use Go’s standard package, net/http, for building HTTP servers
Write your own DNS server and proxy
Use DNS tunneling to establish a C2 channel out of a restrictive network
Create a vulnerability fuzzer to discover an application’s security weaknesses
Use plug-ins and extensions to future-proof products
Build an RC2 symmetric-key brute-forcer
Implant data within a Portable Network Graphics (PNG) image

Are you ready to add to your arsenal of security tools? Then let’s Go!

Author Bio

Tom Steele, Dan Kottmann, and Chris Patten share over 30 years in penetration testing and offensive security experience, and have delivered multiple Go training and development sessions.

Table of contents

Chapter 1: Go Fundamentals and Concepts
Chapter 2: TCP and Go: Scanners and Proxies
Chapter 3: HTTP Clients: Remote Interaction with Tools
Chapter 4: HTTP Servers: Routing and Middleware
Chapter 5: Exploiting DNS: Recon and More
Chapter 6: SMB and NTLM: A Peek Down the Rabbit Hole
Chapter 7: Databases and Filesystems: Pilfering and Abusing
Chapter 8: Packet Processing: Living on the Wire
Chapter 9: Exploit Code: Writing and Porting
Chapter 10: Extendable Tools: Using Go Plugins and LUA
Chapter 11: Cryptography: Implementing and Attacking
Chapter 12: Windows: System Interaction and Analysis
Chapter 13: Steganography: Hiding Data
Chapter 14: Command and Control: Building a RAT

View the detailed Table of Contents
View the Index

Reviews

Author Tom Steele interviewed about Black Hat Go on Go Time podcast.

Updates

Page 50:
The code line that reads:
import { encoding/json" log net/http }

should read:
import ( encoding/json" log net/http )

Page 90: the code line that reads: $ docker run --rm -it -p 127.0.0.180:80 robbertkl/roundcube

should read:
$ docker run --rm -it -p 127.0.0.1:80:80 robbertkl/roundcube

Page 114: the for loop that currently reads:
for _, answer := range in.Answer { if a, ok := answer.(*dns.A); ok { ips = append(ips, a.A.String()) return ips, nil } } return ips, nil

should read:
for _, answer := range in.Answer { if a, ok := answer.(*dns.A); ok { ips = append(ips, a.A.String()) } } return ips, nil

Page 116: the code lines
for scanner.Scan() { fqdns } // Note: We could check scanner.Err() here.

should appear after the code lines
go func }() ... }()

Page 146: the code line that reads:
$ go get github.com/bhg/ch-6/smb

should read:
$ go get github.com/blackhatgo/bhg/ch-6/smb

Page 164: the code line that reads:
"github.com/bhg/ch-7/db/dbminer"

Should read:
"github.com/blackhatgo/bhg/ch-7/db/dbminer"

Page 222: the code line that reads:
"github.com/bhg/ch-10/plugin-core/scanner"

should read:
"github.com/blackhatgo/bhgg/ch-10/plugin-core/scanner"

Page 254: the code line that reads:
"github.com/bhg/ch-11/rc2-brute/rc2"

should read:
"github.com/blackhatgo/bhg/ch-11/rc2-brute/rc2"