May 27, 2022
Shellter Tool | IEMLabs

Shellter is a dynamic shellcode injection tool aka dynamic PE infector. It can be used in order to inject shellcode into native Windows applications (currently 32-bit apps only). The shellcode can be something yours or something generated through a framework, such as Metasploit. Shellter takes advantage of the original structure of the PE file and doesn’t apply any  modification such as changing memory access permissions in sections (unless the user wants to), adding an extra section with RWE access, and whatever would look dodgy under an AV scan. Shellter uses a unique dynamic approach that is based on the execution flow of the target application. This means that no static/predefined locations are used for shellcode injection. Shellter will launch and trace the target, while at the same time will log the execution flow of the application.

Shellter traces the entire execution flow that occurs in the userland.  That means, code inside the target application itself (PE image), and code outside of it that might be in a system dll or on a heap, etc… This happens in order to ensure that functions actually belonging to the target executable, but are only used as callback functions for Windows APIs will not be missed. During tracing, Shellter will not log or count any instructions that are not in the memory range of the PE image of the target application, since these cannot be used as a reference to permanently inject the shellcode.

 

Download Link:- https://github.com/r00t-3xp10it/venom/tree/master/obfuscate/shellter

 

Leave a Reply

Your email address will not be published.