Evasion Shellter

Commands


     1010101 01   10 0100110 10     01  11001001 0011101 001001
        11      10   01 00      01     01     01    10      11   10
        0010011 1110001 11011   11     10     00    10011   011001
             11 00   10 01      11     01     11    01      01   11
        0010010 11   00 0011010 100111 000111 00    1100011 01   10 v7.2


# Shellter
sudo wine shellter.exe
automated mode (a)
Home/.../Something.exe                ---> The exe (32bits) we want to 
Stealth Mode     -> Y
Listed Payload   -> L                 ---> Select a payload shell
Wait...
[Enter]

# Attacking Machine
Set up a listener or a Meterpreter handler

# Target Machine
Launch the payload
  • You need an executable to use Shellter (a file which will be used to exploit the other machine)

  • The original file is saved in the backups directory

  • Take note that the shell session will be closed once the user closes the window of the injected exe. To avoid this you need to migrate to another process

    • If you use multi/handler for your Shellter shell, use the following to migrate the process automatically: set AutoRunScript post/windows/manage/migrate

More information ---> https://www.youtube.com/watch?v=6xexyQwG7SY

What is Shellter

Shellter is a dynamic shellcode injection tool, aka a dynamic PE infector. It can be used to inject shellcode into native Windows applications (currently 32-bit apps only). The shellcode can be your own or something generated through a framework such as Metasploit.

Shellter takes advantage of the original structure of the PE file and doesn't apply any modification that would look suspicious under an AV scan, such as changing memory access permissions in sections (unless the user wants to) or adding an extra section with RWE access.

Shellter is not just an EPO infector that tries to find a location to insert an instruction redirecting execution to the payload. Unlike other infectors, Shellter's infection engine never transfers the execution flow to a code cave or to an added section in the infected PE file.
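The two paragraphs above describe exactly the static traits a scanner looks for (a writable-and-executable section, an entry point pointing into an appended or non-executable section). As an added example written here for triage, and not code from the page or from the Shellter project, the script below parses a PE32 section table with only the standard library and reports those traits; `build_pe` is an assumed helper that constructs header-only synthetic images so the check can be exercised offline.

```python
import struct

# Section Characteristics bits from the PE/COFF specification
SCN_EXECUTE, SCN_READ, SCN_WRITE = 0x20000000, 0x40000000, 0x80000000

def parse_sections(data):
    """Return (AddressOfEntryPoint, [(name, vaddr, vsize, characteristics), ...])."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff = e_lfanew + 4
    _, nsect, _, _, _, opt_size = struct.unpack_from("<HHIIIH", data, coff)
    opt = coff + 20                                    # optional header follows the 20-byte COFF header
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sections = []
    for i in range(nsect):
        off = opt + opt_size + 40 * i                  # section headers are 40 bytes each
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr = struct.unpack_from("<II", data, off + 8)
        chars = struct.unpack_from("<I", data, off + 36)[0]
        sections.append((name, vaddr, vsize, chars))
    return entry_rva, sections

def audit_pe(data):
    """Return static triage findings a scanner would raise; an empty list means nothing odd."""
    entry_rva, sections = parse_sections(data)
    findings = [f"section {n!r} is writable and executable"
                for n, _, _, ch in sections if ch & SCN_WRITE and ch & SCN_EXECUTE]
    host = next((s for s in sections if s[1] <= entry_rva < s[1] + s[2]), None)
    if host is None:
        findings.append("entry point lies outside every section")
        return findings
    name, _, _, chars = host
    if not chars & SCN_EXECUTE:
        findings.append(f"entry point in non-executable section {name!r}")
    if host is sections[-1] and len(sections) > 1:
        findings.append(f"entry point in last section {name!r} (appended-section pattern)")
    return findings

def build_pe(entry_rva, sections):
    """Constructed header-only PE32 image for exercising audit_pe; not a loadable binary."""
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)        # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva).ljust(0xE0, b"\0")
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n.encode(), vs, va, vs, 0x400, 0, 0, 0, 0, ch)
                    for n, va, vs, ch in sections)
    return dos + b"PE\0\0" + coff + opt + hdrs
```

Run `audit_pe` over a real sample by passing the file's bytes; a clean compiler-built binary yields an empty list, while an image that gained an RWE section or whose entry point was redirected into a tail section is flagged.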