Top Rating
- Top Contributors
  Discover the Top Open Source contributors by country or by language
- Interviews
  Discover real stories from Open Source developers
Discover

Discover your Favorite Language
Discover the top trending repositories and projects on Github. Explore the latest trends in your preferred languages.

Python

Erlang

Go

Emacs Lisp

Jupyter Notebook

F#

Lua

Groovy

More Languages
Awesome

Awesome repositories
Discover the most awesome repositories and projects of your favorite languages. Inspired by the Awesome-* lists trend in GitHub.

Swift

Clojure

Ada

MATLAB

Java

Go

Zig

Lua

More Languages
By Country

Rankings by Country
Discover the community of talented open source contributors in each country.

🇲🇪 Montenegro

🇵🇼 Palau

🇨🇼 Curaçao

🇧🇩 Bangladesh

🇸🇪 Sweden

🇮🇩 Indonesia

🇲🇲 Myanmar (Burma)

🇨🇺 Cuba

All Countries Compare Countries

boku7/winx64-InjectAllProcessesMeterpreter-Shellcode

Stars
129
Rank 271,467 (Top 6 %)
Language
Assembly
License
MIT License
Created about 3 years ago
Updated about 1 year ago

boku7/winx64-InjectAllProcessesMeterpreter-Shellcode

boku7

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

64bit Windows 10 shellcode that injects all processes with Meterpreter reverse shells.

Windows/x64 - Inject All Processes with Meterpreter Reverse Shell (655 Bytes)

Shellcode Author: Bobby Cooke (boku)

Date: May 1st, 2021

Tested on: Windows 10 v2004 (x64)

Compiled from: Kali Linux (x86_64)

Shellcode Description:

64bit Windows 10 shellcode that injects all processes with Meterpreter reverse shells. The shellcode first resolves the base address of kernel32.dll dynamically in memory via the Intel GS Register & host processes Process Environment Block (PEB). Then resolves the addresses for the OpenProcess, VirtualAllocEx, WriteProcessMemory, and CreateRemoteThread APIs via kernel32.dll's Export Table. Once all API's are resolved the shellcode then attempts to open a handle to other processes using the OpenProcess API via bruteforcing the PIDs. When a handle to a remote process is returned, the shellcode then attempts to allocate writable & executable memory in the remote process using the VirtualAllocEx API. If successful, the shellcode will then use the WriteProcessMemory API to write the Meterpreter shellcode into the memory of the remote process. To this point, if everything has returned sucessful, then the CreateRemoteThread API will be executed to create a thread in the remote process that will run the Meterpreter shell within that remote process. The shellcode then continues to bruteforce through more PIDs to launch more Meterpreter shells.

BokuLoader

A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!

azureOutlookC2

Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for North Korean APT InkySquid / ScarCruft / APT37. TTP: Use Microsoft Graph API for C2 Operations.

Ninja_UUID_Runner

Module Stomping, No New Thread, HellsGate syscaller, UUID Shellcode Runner for x64 Windows 10!

spawn

Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG), BlockDll, and PPID spoofing.

injectAmsiBypass

Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.

injectEtwBypass

CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)

HOLLOW

EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state, inject shellcode, hijack main thread with APC, and execute shellcode

AsmHalosGate

x64 Assembly HalosGate direct System Caller to evade EDR UserLand hooks

whereami

Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL's.

HellsGatePPID

Assembly HellGate implementation that directly calls Windows System Calls and displays the PPID of the explorer.exe process

Nobelium-PdfDLRunAesShellcode

A recreation of the "Nobelium" malware based on Microsofts Malware analysis - Part 1: PDF2Pwn

halosgate-ps

Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes

XSS-Clientside-Attacks

A repository of JavaScript XSS attacks against client browsers

xPipe

Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions

x64win-DynamicNoNull-WinExec-PopCalc-Shellcode

64bit WIndows 10 shellcode dat pops dat calc - Dynamic & Null Free

x64win-AddRdpAdminShellcode

64bit Windows 10 shellcode that adds user BOKU:SP3C1ALM0V3 to the system and the localgroups Administrators & "Remote Desktop Users"

tailorMS-rXSS-Keylogger

Reflected Cross-Site Scripting (XSS) vulnerability in 'index.php' login-portal webpage of SourceCodesters Tailor Management System v1.0 allows remote attackers to harvest keys pressed via unauthenticated victim clicking malicious URL and typing.

StockManagement-XSS-Login-CredHarvester

Reflected Cross-Site Scripting (XSS) vulnerability in 'index.php' login-portal webpage of SourceCodesters Stock Management System v1.0 allows remote attackers to harvest login credentials & session cookie via unauthenticated victim clicking malicious URL and entering credentials.

gsSMTP-Csrf2Xss2RCE

gsCMS-CustomJS-Csrf2Xss2Rce

GetSimple CMS Custom JS Plugin Exploit RCE Chain

LibreHealth-authRCE

LibreHealth v2.0.0 suffers from an authenticated file upload vulnerability allowing remote attackers to gain remote code execution (RCE) on the hosting webserver via uploading a maliciously crafted image.

CVE-2020-23839

Public PoC Disclosure for CVE-2020-23839 - GetSimple CMS v3.3.16 suffers from a Reflected XSS on the Admin Login Portal

onlineCourseReg-RCE

From 0 to Remote Code Execution - exploit development files for Online Course Registration Web Application RCE

BikeRental-FU-RCE

slae64

Repo for SLAE64 Exam

GetSimple-SmtpPlugin-CSRF2RCE

GetSimple CMS My SMTP Contact Plugin <= v1.1.1 - CSRF to RCE

boku7.github.io

homeRent-SQLi-RCE

House Rental v1.0 suffers from an unauthenticated SQL Injection vulnerability allowing remote attackers to execute arbitrary code on the hosting webserver via sending a malicious POST request.

fuzzingFTP

Python scripts for fuzzing FTP servers, with percision, over TCP

slae32

Repo for all SLAE32 Exam Assignments

burp-jars

aCal-RCE

Exploit Development files for aCal web application - reflected XSS to RCE.

BarracudaDrivev6.5-LocalPrivEsc

Insecure Service File Permissions in bd service in Real Time Logics BarracudaDrive v6.5 allows local attackers to escalate privileges to admin via replacing the bd.exe file and restarting the computer where it will be run as 'LocalSystem' on the next startup automatically.

AV_Bypass-Splitter

Splitter script to identify Anti-Virus signature of an executable

xdev-templates

Random helpful xdev templates

domQuestPro-SEH-BOF