Volatile ELF payloads generator with Metasploit integrations for testing GNU/Linux ecosystems against low-level threats

Overview

Revenant


Revenant

                                   Lang            License         Version           Version

                                   Target      Target      Target      Target


Intro

This tool combines SCC runtime, rofi, Msfvenom, Ngrok and a dynamic template processor, offering an easy to use interface for compiling custom, highly evasive ELF payloads for testing Linux ecosystems. Automatic integration with Metasploit Framework Console offers infinite prototypying possibilities.

Usage

Simply install all required dependencies using apt-get or any other package manager. Running ./install.sh should usually suffice. Issuing ./revenant.sh afterwards will start a TUI session.

Features

  • Free code composition from templates - every C fragment is self-contained; can be placed anywhere within the source.
  • Responsive, fast TUI.
  • Non-standard payloads for daemonization/IPC, pingbacks, system mapping, data exfiltration, persistence, process priority manipulation, mutexes, networking etc.
  • Powerful macro processor - forget about complex hex conversions or constantly looking up your machine's address - all context-specific variables are filled automatically.
  • Extended bad characters removal from generated binary blob.
  • Integration with reverse TCP tunnels.
  • Ideal for both stage0 and stage1+ delivery strategy thanks to a raw Assembly dropper.
  • Generic command stagers if no SO/BO-based vuln is present, yet Remote Command Execution was identified as a possible entrypoint.
  • Highly automated encoding and encryption, including random combination of encoders thanks to scc and msf flexibility.
  • Anti-disassembly techniques - random breakpoint/syscall insertion every X instructions.
  • Optional power source detector to restrict payload's operativeness to servers and workstations.
  • A general purpose CIDR lock for the similar purpose as power source detector.
  • Not a Metasploit fan? The initialization of the framework can be disabled after the ELF compilation, leaving you just with a freshly baked binary file.
  • A wide range of sandbox/virtualization detection methods, with customizable action triggers when VM check returns true. Some of them are quite new
  • NOP sled (canonical/non-canonical) and junk data padding can be enabled to increase polymorphism and reliability in less stable exploits.
  • Crafted source in C is opened in default editor before compilation to enable easy changes and fixes.

Screenshots

Main dialog



Compiler with Metasploit importer



Available C fragments




Payload creation interface



Log window


Example TUI session

https://www.youtube.com/watch?v=J-2RcmiMFJo

Ngrok setup

Please make sure to fill the pool of authtokens inside tokens.txt before issuing a tunneled connection.

Full version

If interested in the Full or Enterprise version of the framework, please contact us

You might also like...
A personal collection of Windows CVE I have turned in to exploit source, as well as a collection of payloads I've written to be used in conjunction with these exploits.

This repository contains a personal collection of Windows CVE I have turned in to exploit source, as well as a collection of payloads I've written to

A list of excellent resources for anyone to deepen their understanding with regards to Windows Kernel Exploitation and general low level security.

WinKernel-Resources A list of excellent resources for anyone trying to deepen their understanding with regards to Windows Kernel Exploitation and gene

S2-LP driver library, low-level and easy-to-port

S2-LP Library This library provides a simple way to use S2-LP transciever module. This library is WIP, but mostly done. https://www.st.com/en/wireless

Low level library to develop GBA games that can also be built for PC.

Universal GBA Library 1. Introduction This is a library for development of GBA games. It can be used to build actual GBA game ROMs, but it can also ta

Tiny - low-level library for minimizing the size of your types
Tiny - low-level library for minimizing the size of your types

foonathan/tiny Note: This project is currently WIP, no guarantees are made until an 0.1 release. This project is a C++11 library for putting every las

The PNT Integrity Library provides users a method to verify the integrity of the received GPS data and ranging signals, thereby improving resiliency against potential GPS signal loss.

PNT Integrity Library The PNT Integrity Library provides users a method to verify the integrity of the received GPS data and ranging signals, thereby

Programming language that compiles into a x86 ELF executable.

ocean Programming language that compiles into a x86 ELF executable. The main goal at the moment is to create a C compiler, which can atleast compile i

Remap ELF LOAD segments to huge pages

Quick start Not recommended as a production solution, but it's a very fast way to benchmark if your application benefits from remapping your text and

Owner
Red Code Labs
Finest tooling for advanced adversarial simulations
Red Code Labs
High-level interface for low-level programming

Singeli Singeli is now able to compile useful programs to C, but it's very rough around the edges, with poor error reporting. We are beginning to use

Marshall Lochbaum 32 Sep 25, 2022
A water tank level sensor **Built With WisBlock** to detect overflow and low level conditions.

RAK12014 Laser TOF sensor coming soon WisBlock Watertank Level Sensor Watertank Overflow detection using the RAKwireless WisBlock modules. It implemen

Bernd Giesecke 3 Feb 3, 2022
Linux x86_64 Process Injection Utility | Manipulate Processes With Customized Payloads (beta)

K55 - Linux x86_64 Process Injection Utility (C++11) About K55 (pronounced: "kay fifty-five") The K55 payload injection tool is used for injecting x86

Josh Schiavone 57 Sep 5, 2022
A low level Operating System designed using Linux Kernel

Conqueror A low level Operating System designed using Linux Kernel To develop the basic low level operating system, we need following Virtual Machine

mahendra gandham 8 May 27, 2022
Linux kernel module to fight against police terror

protecc is a Linux kernel module that will shut down your computer when a predefined USB device is removed from the system.

null 23 Sep 5, 2022
CC2500 Low-Cost Low-Power 2.4 GHz RF Transceiver driver for esp-idf

esp-idf-cc2500 CC2500 Low-Cost Low-Power 2.4 GHz RF Transceiver driver for esp-idf. I ported from this. 2.00mm pitch External Antena 1.27mm pitch PCB

null 3 May 29, 2022
Matryoshka loader is a tool that red team operators can leverage to generate shellcode for Microsoft Office document phishing payloads.

Overview Matryoshka loader is a tool that red team operators can leverage to generate shellcode for an egghunter to bypass size-limitations and perfor

Praetorian 24 Jun 26, 2022
A shellcode crypto-packing tool for PoC (used with msfvenom payloads)

crypter A shellcode crypto-packing tool for PoC (used with msfvenom/binary payloads) This tool is for proof of concept only - please use responsibly.

ripmeep 11 Jul 30, 2022
Multiple payloads for the digispark digistump AVR boards.

Multiple payloads for the digispark digistump AVR boards. Some are translated from RubberDucky and some are original..

null 5 Apr 1, 2022
Hydrogen is a tiny GDI Malware, with some bytebeat music, many payloads and some shaders

Hydrogen is a tiny GDI Malware, with some bytebeat music, many payloads and some shaders

Leo Lezury 18 Sep 24, 2022