Shellter is a dynamic shellcode injection tool, and probably the first dynamic PE infector ever created. It can be used in order to inject shellcode into native Windows applications (currently 32-bit apps only). The shellcode can be something yours or something generated through a framework, such as Metasploit.
Shellter takes advantage of the original structure of the PE file and
doesn’t apply any modification such as changing memory access
permissions in sections, adding an extra section with RWE access,and
whatever would look dodgy under an AV scan.
Shellter uses a unique dynamic approach which is based on the execution flow of the target application.
Shellter uses a unique dynamic approach which is based on the execution flow of
the target application. This means that no static/predefined locations are used
for shellcode injection. Shellter will launch and trace the target, while at the
same time will log the execution flow of the application.
Shellter traces the entire execution flow that occurs in userland. That means,
code inside the target application itself (PE image), and code outside of it
that might be in a system dll or on a heap, etc. This happens in order to ensure
that functions actually belonging to the target executable, but are only used as
callback functions for Windows APIs will not be missed.
However, the tracing engine will not log any instructions that are not in the
memory range of the PE image of the target application, since these cannot be
used as a reference to permanently inject the shellcode.
Why Need :: Executables created through Metasploit are most likely detected by most AV
vendors. By using Shellter, you automatically have an infinitely polymorphic
executable template, since you can use any 32-bit 'standalone' native Windows
executable to host your shellcode. By 'standalone' means an executable that
doesn't need any proprietary DLLs, apart from the system DLLs to load and run.
For example, notepad.exe, and many other applications you can find online, or
create by yourself as your own custom templates.
You can also use applications that make use of proprietary DLLs if those are
not required to create the process in the first place, and are normally loaded
later on if needed to execute code for a specific task. In case you select an
application that needs one or more proprietary DLLs to create the process in the
first place then you will have to include them in the same directory from where
you load the main executable. However, this is not recommended since it is more
convenient to have just a single executable to upload to the target.
Tutorials ::
System Requirement :: Windows XP SP3 (x32/x64) or HigherFull Description :: Click Here
Video Tutorial :: Click Here
Download ::
Windows :: Shellter v1.0 (.rar)
Official Website :: https://www.shellterproject.com/introducing-shellter/
0 comments :
Post a Comment