vFeed


Tools

Published on August 8th, 2014 | by MaxiSoler

0

Shellter v1.7 A Dynamic ShellCode Injector – Released

Shellter is a dynamic shellcode injection tool aka dynamic PE infector. It can  be used in order to inject shellcode into native Windows applications (currently 32-bit apps only). The shellcode can be something yours or something generated through a framework, such as Metasploit.

Shellter takes advantage of the original structure of the PE file and doesn’t apply any modification such as changing memory access permissions in sections, adding an extra section with RWE access, and whatever would look dodgy under an AV scan.

logo_shellter

 

Changelog v1.7

  • Minor updates/optimizations.

Changelog v1.6

  • Fixed a potential uninitialized variable access issue.
  • Minor updates in PE file validation method.
  • Other minor updates/optimizations.

Changelog v1.5

  • Fixed a potential error issue during process creation.
  • Added CREATE_NEW_CONSOLE flag to avoid I/O issues when tracing console applications.
  • Fixed a potential invalid pointer dereference issue when parsing a handcrafted PE.

 

It uses a unique dynamic approach which is based on the execution flow of the target application. This means that no static/predefined locations are used for shellcode injection. Shellter will launch and trace the target, while at the same time will log the execution flow of the application.

Also supports encoded/self-decrypting payloads by taking advantage of the Imports Table of the application. It will look for specific imported APIs that can be used on runtime to execute a self-decrypting payload without doing any modifications in the section’s characteristics from inside the PE Header.

At the moment 7 methods are supported for loading encoded payloads:

0. VirtualAlloc
1. VirtualAllocEx
2. VirtualProtect
3. VirtualProtectEx
4. HeapCreate/HeapAlloc
5. LoadLibrary/GetProcAddress
6. CreateFileMapping/MapViewOfFile

More Information: here

 

Download Shellter v1.7

Tags: , , , ,


About the Author

www.artssec.com @maxisoler



Back to Top ↑