{"id":17383371,"url":"https://github.com/dobin/supermega","last_synced_at":"2025-04-05T03:04:31.572Z","repository":{"id":255316879,"uuid":"752570736","full_name":"dobin/SuperMega","owner":"dobin","description":"Stealthily inject shellcode into an executable","archived":false,"fork":false,"pushed_at":"2025-02-26T08:04:33.000Z","size":4076,"stargazers_count":164,"open_issues_count":5,"forks_count":34,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-04-05T03:03:51.139Z","etag":null,"topics":["injector-x64","shellcode","shellcode-loader"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dobin.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-02-04T08:25:55.000Z","updated_at":"2025-04-03T12:52:25.000Z","dependencies_parsed_at":"2024-10-16T07:41:31.024Z","dependency_job_id":"ac692730-df9e-453a-bae6-f70a4163e28d","html_url":"https://github.com/dobin/SuperMega","commit_stats":null,"previous_names":["dobin/supermega"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dobin%2FSuperMega","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dobin%2FSuperMega/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dobin%2FSuperMega/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dobin%2FSuperMega/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dobin","download_url":"htt
ps://codeload.github.com/dobin/SuperMega/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247280262,"owners_count":20912967,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["injector-x64","shellcode","shellcode-loader"],"created_at":"2024-10-16T07:41:24.919Z","updated_at":"2025-04-05T03:04:31.555Z","avatar_url":"https://github.com/dobin.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SuperMega - Cordyceps Implementation\n\n\u003e Ophiocordyceps camponoti-balzani is a species of fungus that parasitizes \n\u003e insect hosts of the order Hymenoptera, primarily ants. O. \n\u003e camponoti-balzani infects ants, and eventually kills the hosts after \n\u003e they move to an ideal location for the fungus to spread its spores.\n\n\n## What\n\nSuperMega is a shellcode loader that works by injecting the shellcode into genuine executables (.exe or .dll).\nThe loader is programmed in C. 
\n\nThe idea is that injecting shellcode cleanly into a non-malicious executable should make\nit less likely to be detected.\n\nFeatures:\n* Encrypt payload\n* Execution guardrails, so the payload is only decrypted on the target\n* Anti-emulation, against AV emulators\n* EDR deconditioner, against EDR memory scans\n* Keep all original properties of the executable (imports etc.)\n* Very small carrier loader\n* Code execution with main function hijacking\n* No PEB walk, reuses the IAT to execute Windows API functions\n* Inject data into .rdata for the carrier shellcode\n* Patch the IAT for functions the carrier needs but the executable lacks\n\nReferences: \n* [Slides](https://docs.google.com/presentation/d/1_gwd0M49ObHZO5JtrkZl1NPwRKXWVRm_zHTDdGqRl3Q/edit?usp=sharing) HITB2024 BKK \"My first and last shellcode loader\"\n* [Blog Supermega Loader](https://blog.deeb.ch/posts/supermega/)\n* [Blog Cordyceps File injection techniques](https://blog.deeb.ch/posts/exe-injection/)\n\n\n![SuperMega](https://raw.githubusercontent.com/dobin/supermega/master/web-screenshot.png)\n\n\n## Usage\n\n```\n\u003e ./web.py\n```\n\nBrowse to `http://localhost:5001`.\n\n\nAlternatively, use `./supermega.py --help`, but it is not well supported.\n\n## Directories\n\n* `data/binary/shellcodes`: Input: Shellcodes we want to use as input (payload)\n* `data/binary/exes/`: Input: Non-malicious EXE files we inject into\n* `data/source/carrier`: Input: Carrier C templates\n* `projects/\u003cprojectname\u003e`: Output: Project directory with all files\n* `projects/default`: Output: Project directory with all files\n\n\n## Installation\n\nRequires the VS2022 compilers.\n\nRequired:\n* `ml64.exe`\n* `cl.exe`\n\nOptional: \n* `r2.exe`\n\nAnd the Python packages:\n```\n\u003e pip.exe install -r requirements.txt\n```\n\n### How to get the right paths\n\nEither start the \"Visual Studio Developer Console\", or \nuse the following command line to set up the environment correctly. 
\nUse this when you get `Cannot find Windows.h`.\n\n```\ncmd.exe /c \"`\"C:\\Program Files (x86)\\Microsoft Visual Studio\\\u003cyear\u003e\\\u003cedition\u003e\\Common7\\Tools\\VsDevCmd.bat`\" \u0026\u0026 powershell\"\n```\n\nAlso make sure radare2 is in PATH if you want to use it:\n```\n$Env:PATH += \";C:\\Tools\\radare2-5.8.8-w64\\bin\"\n```\n\n\n### Alternative Path Setup\n\nTry using:\n```\n\"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Auxiliary\\Build\\vcvars64.bat\"\n```\n\nor the VS developer console to find the damn environment variables, and set \nthem in your Python console. In my case:\n```\n$env:INCLUDE = \"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.37.32822\\include;C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.37.32822\\ATLMFC\\include;C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Auxiliary\\VS\\include;C:\\Program Files (x86)\\Windows Kits\\10\\include\\10.0.22621.0\\ucrt;C:\\Program Files (x86)\\Windows Kits\\10\\\\include\\10.0.22621.0\\\\um;C:\\Program Files (x86)\\Windows Kits\\10\\\\include\\10.0.22621.0\\\\shared;C:\\Program Files (x86)\\Windows Kits\\10\\\\include\\10.0.22621.0\\\\winrt;C:\\Program Files (x86)\\Windows Kits\\10\\\\include\\10.0.22621.0\\\\cppwinrt;C:\\Program Files (x86)\\Windows Kits\\NETFXSDK\\4.8\\include\\um\"\n$env:LIB=\"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.37.32822\\ATLMFC\\lib\\x64;C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.37.32822\\lib\\x64;C:\\Program Files (x86)\\Windows Kits\\NETFXSDK\\4.8\\lib\\um\\x64;C:\\Program Files (x86)\\Windows Kits\\10\\lib\\10.0.22621.0\\ucrt\\x64;C:\\Program Files (x86)\\Windows Kits\\10\\\\lib\\10.0.22621.0\\\\um\\x64\"\n$env:LIBPATH=\"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.37.32822\\ATLMFC\\lib\\x64;C:\\Program Files\\Microsoft Visual 
Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.37.32822\\lib\\x64;C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.37.32822\\lib\\x86\\store\\references;C:\\Program Files (x86)\\Windows Kits\\10\\UnionMetadata\\10.0.22621.0;C:\\Program Files (x86)\\Windows Kits\\10\\References\\10.0.22621.0;C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\"\n```\n\n### VS2022 Components\n\nA list of packages/components which may be required for Visual Studio 2022:\n* C++ 2022 Redistributable Update\n* C++ Build Insights\n* C++ CMake tools for Windows\n* C++ /CLI support for v143 build tools (latest)\n* MSBuild\n* MSVC v143 - VS 2022 C++ x64/x86 build tools (latest)\n* C++ ATL for latest v143 build tools (x86 \u0026 x64)\n* C++ MFC for latest v143 build tools (x86 \u0026 x64)\n* Windows 11 SDK","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdobin%2Fsupermega","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdobin%2Fsupermega","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdobin%2Fsupermega/lists"}