Shellter is a dynamic shellcode injection tool, and the first truly dynamic PE infector ever created.
It can be used in order to inject shellcode into native Windows applications.
The shellcode can be something yours or something generated through a framework, such as Metasploit, or the C2 of your choice.
Shellter takes advantage of the original structure of the PE file and doesn’t apply any modification such as changing memory access permissions in sections (unless the user wants), adding an extra section with RWX access, and whatever would look dodgy under an AV scan.
Shellter uses a unique dynamic approach which is based on the execution flow of the target application, and this is just the tip of the iceberg.
Shellter is not just an EPO infector that tries to find a location to insert an instruction to redirect execution to the payload.
Unlike any other infector, Shellter’s advanced infection engine never transfers the execution flow to a code cave or to an added section in the infected PE file.
Information about exclusive features offered in Shellter Pro Plus can be found here.
A features-comparison table of all builds can be found here.
Main Features (Community Edition)
- Compatible with Windows x86/x64 (XP SP3 and above) & Wine/CrossOver for Linux/Mac.
- Portable – No setup is required.
- Doesn’t require extra dependencies (python, .net, etc…).
- No static PE templates, framework wrappers etc…
- Supports any 32-bit payload (generated either by metasploit or custom ones by the user).
- Compatible with all types of encoding by metasploit.
- Compatible with custom encoding created by the user.
- Stealth Mode – Preserves Original Functionality.
- Multi-Payload PE infection.
- Proprietary Encoding + User Defined Encoding Sequence.
- Dynamic Thread Context Keys.
- Supports Reflective DLL loaders.
- Embedded Metasploit Payloads.
- Junk code Polymorphic engine.
- Thread context aware Polymorphic engine.
- User can use custom Polymorphic code of his own.
- Takes advantage of Dynamic Thread Context information for anti-static analysis.
- Detects self-modifying code.
- Traces single and multi-thread applications.
- Fully dynamic injection locations based on the execution flow.
- Disassembles and shows to the user available injection points.
- User chooses what to inject, when, and where.
- Command Line support.
- Free
Click here to read more.
Cheers,
kyREcon
Disclaimer
We do not support nor condone illegal activities in any shape or form. This software is offered with the sole purpose to assist ethical hackers in their daily jobs during Penetration Testing and/or Red Team engagements. The author of this software and INSAINTED LTD assume no responsibility for any unlawful actions taken and any damages caused by using this software.