The new version of Shellter is on its way, and I will try to release it as soon as possible.
In the meantime, let me give you a heads-up on what to expect from the next release.
As mentioned during the release of the previous update, the upcoming version of Shellter will allow users to control and take advantage, from Basic Mode, of features that so far were available only in Advanced Mode.
One of these features is the ability to use handlers for encoded payloads instead of permanently changing, through the PE header, the memory access permissions of the section where the injection occurs. This has also been one of the main features of Shellter since its very first release.
In fact, so far this feature was available only in Advanced Mode, where the user could choose any of the handlers supported by the target PE file or opt to change the section’s permissions.
In Shellter v1.9 this is going to change. Even when using the Basic Mode, Shellter will automatically check which handlers can be used in the target PE file and will pick one at random. It will only change the section’s permissions if none of the available handlers is supported by the PE target, or if the user chooses to do so.
Furthermore, even from Basic Mode, the user will be able to ask Shellter to handle a payload as non-encoded. This will be useful either for using a non-encoded payload as is, or for letting a custom payload that handles its own decryption do the job without any ‘help’ from Shellter, that is, without using any of Shellter’s handlers or changing the section’s permissions.
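From the defender's side, a permission change made through the PE header is visible statically. As an added example (not Shellter code and not from the author), the Python sketch below parses a PE section table and reports sections flagged both writable and executable; the function names and the headers-only sample images are constructed for illustration.

```python
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000

def writable_executable_sections(pe: bytes) -> list[str]:
    """Return names of sections whose header flags allow both write and execute."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header follows the signature: NumberOfSections at +6,
    # SizeOfOptionalHeader at +20, optional header starts at +24.
    (n_sections,) = struct.unpack_from("<H", pe, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", pe, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size
    flagged = []
    for i in range(n_sections):
        off = table + 40 * i                      # each section header is 40 bytes
        if off + 40 > len(pe):
            raise ValueError("truncated section table")
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        (chars,) = struct.unpack_from("<I", pe, off + 36)  # Characteristics
        if chars & IMAGE_SCN_MEM_EXECUTE and chars & IMAGE_SCN_MEM_WRITE:
            flagged.append(name)
    return flagged

def build_sample(sections) -> bytes:
    """Constructed, headers-only image for the demo (not a loadable executable)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x0102)
    table = b"".join(
        name.ljust(8, b"\0") + b"\0" * 28 + struct.pack("<I", flags)
        for name, flags in sections)
    return dos + b"PE\0\0" + coff + table

# Constructed samples: .text as read+execute, then the same section with write added.
CLEAN = build_sample([(b".text", 0x60000020), (b".data", 0xC0000040)])
MODIFIED = build_sample([(b".text", 0xE0000020), (b".data", 0xC0000040)])

if __name__ == "__main__":
    print("clean:   ", writable_executable_sections(CLEAN))
    print("modified:", writable_executable_sections(MODIFIED))
```

This check covers only the case where the section’s permissions are changed in the header; files processed with a handler, or with a payload treated as non-encoded, keep their original section flags.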
Finally, the cmdline options will be expanded accordingly in order to support the new options.
As I have said a couple of times already, the goal is to make Basic Mode operate as close to Advanced Mode as possible, but without the overhead of the manual interaction that Advanced Mode currently requires.
Getting closer… ;o)
Stay tuned!
kyREcon