Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/ngn13/shellexec

simple windows x64/x86 shellcode launcher
https://github.com/ngn13/shellexec

malware malware-development shellcode-injection shellcode-injector shellcode-loader win32 winapi windows-malware

Last synced: about 3 hours ago
JSON representation

simple windows x64/x86 shellcode launcher

Host: GitHub
URL: https://github.com/ngn13/shellexec
Owner: ngn13
License: gpl-3.0
Created: 2023-11-22T18:43:43.000Z (12 months ago)
Default Branch: main
Last Pushed: 2024-05-08T19:37:38.000Z (7 months ago)
Last Synced: 2024-05-08T20:46:46.449Z (7 months ago)
Topics: malware, malware-development, shellcode-injection, shellcode-injector, shellcode-loader, win32, winapi, windows-malware
Language: C++
Homepage:
Size: 257 KB
Stars: 1
Watchers: 2
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE.txt

Awesome Lists containing this project

README

# shellexec | shellcode launcher

Just a little shellcode launcher that I put together, written in C(++)

## Protections
- Shellcode encryption with XOR
- Fake error box to trick the user
- Process check (Checks for blacklisted processes)
- Debug check (`PEB->IsBeingDebugged`)
- VM check (CPUID)

## Configuration
The default configuration file can be found at [`config.json.default`](config.json.default).
After getting your raw shellcode and the configuration file ready, run the `config.py` script to
generate the `src/config.cpp` file:
```bash
python3 config.py
```

## Building
After running the `config.py` script, you can run the `build32.bat` script for a 32 bit build,
or the `build64.bat` script for a 64 bit build. **You will need to run these in a VS command prompt,
otherwise devenv won't be accessible**.

## How does it work?
1. Runs enabled protections, if protection checks fail then the program stops execution
2. XORed shellcode gets decrypted
3. Program loops over the process list and tries to find a target process
4. Writes the shellcode to target process' memory with `VirtualAllocEx` and `WriteProcessMemory`
5. Creates a thread for the process using `CreateRemoteThread` which just sleeps
6. Hijacks the new thread's execution using `SuspendThread` and `SetThreadContext`
7. If fails looks for an another process (aka goes back to step 3)
8. Lastly, program creates a fake error box if the config to do so is enabled

## Resources
- [Generating shellcode with metasploit](https://docs.metasploit.com/docs/using-metasploit/basics/how-to-use-msfvenom.html)
- [TIB](https://wikiless.org/wiki/Win32_Thread_Information_Block?lang=en)
- [CPUID](https://wikiless.org/wiki/CPUID?lang=en)
- [Thread hijacking](https://www.ired.team/offensive-security/code-injection-process-injection/injecting-to-remote-process-via-thread-hijacking)
- [CreateRemoteThread shellcode injection](https://www.ired.team/offensive-security/code-injection-process-injection/process-injection)