Published on June 20th, 2016 📆 | 3378 Views ⚑0
ShellTer — A Dynamic Shellcode Injection Tool
ShellTer is an iptables-based firewall. What sets it apart from the rest is that it has built-in SSH brute force protection. It is simple to organize as well as it has an interactive CLI installer.
Shellter is a dynamic shellcode injection tool as well as possibly it was the first dynamic PE infector ever generated. It can be used in order to insert shellcode into local Windows applications that have recently 32-bit apps only. Even the shellcode can be something yours or something created via a framework just like Metasploit.
Shellter takes benefit of the real structure of the PE file as well as it does not affect any modification just like modifying the memory access permissions in sections except the user wants, adding an extra section with RWE access,and whatever it would look corrupt under an AV scan.
HOW DOES IT WORKS:
Shellter uses a unique dynamic approach that is based on the execution flow of the target application. It means that there are no static/predefined locations that are used for shellcode injection. Shellter will start and also trace the target when at the same time will log the execution flow of the application.
It is suggested that you use Windows XP SP3 (32/64-bit) and above.
CPU: The better the faster. It’s only a matter of time.
- Tracing 1 million instructions without Thread Context logging => ~ 6 MBs
- Tracing 1 million instructions with Thread Context logging => ~ 28 MBs
- Tracing 10 million instructions without Thread Context logging => ~ 40 MBs
- Tracing 10 million instructions with Thread Context logging => ~ 27
- Compatible with Windows x86/x64 (XP SP3 and above) & Wine/CrossOver for Linux/Mac.
- Portable – No setup is required.
- Doesn’t require extra dependencies (python, .net, etc…).
- No static PE templates, framework wrappers etc…
- Supports any 32-bit payload (generated either by Metasploit or custom ones by the user).
- Compatible with all types of encoding by Metasploit.
- Compatible with custom encoding created by the user.
- Stealth Mode.
- Multi-Payload PE infection.
- Proprietary Encoding.
- Dynamic Thread Context Keys.
- Supports Reflective DLL loaders.
- Embedded Metasploit Payloads.
- Junk code Polymorphic engine.
- Thread context aware Polymorphic engine.
- The user can use the custom Polymorphic code of his own.
- Takes advantage of Dynamic Thread Context information for anti-static analysis.
- Detects self-modifying code.
- Traces single and multi-thread applications.
- Fully dynamic injection locations based on the execution flow.
- Disassembles and shows to the user available injection points.
- The user chooses what to inject, when, and where.
- Command Line support.
GNU General Public License version 2.0 (GPLv2)