short / Mischief-DLL-Stager

Reasonably undetected shellcode stager and executer.

Mischief-DLL-Stager

Moderately stealthy shellcode stager.

                                    ******,,,******                             
                               .***    ......      .**,                         
                             **,   ...........         **                       
                           **  ,.............            **                     
                         **  (...............           . .**                   
,                      ,*, *(..................          (  **             .    
       ***********,,,,**  (*................              *  **              **,
    .******,      .,***  (,............                    *  *********.        
   ******           **  (,....(...                          ( .*. .******       
******.            *,  (/..(,..                              , **    *******,   
****              ,*. /(/(..                                 ( .*.      ********
**,               **  ((..                                   (  *,        ******
**              ,*,  (/..                                    .  **        .*****
       .       ,*.  (..       .@&...                         (/ ,*. .      *****
      *       .*.  (..         ..&@@@&.         .....#@.      (  ,*  *          
    *         **  (..             ....        .@@@@@%.         (  **  **        
   *.        ,*  /(..                                          (  ,*    ,*      
   *         **  ((..       *                                   ,  **    ,      
  .          **  /(..       .*                       .,        .   **    .      
        ,*****,   /(..        *                     *          (  ,*            
   ***,     /((...   (,.       .                  *.         /(  ,***.          
**.    (((...........    *                                 (,  ,,     ,***  ****
   (((,.................                               .    .......((/    ,*****
(((........................ ..                          ..............,((*   .**
*............................... ..               ........................((/   
........................................       .............................((( 
....... ... .............  ................. .............. ................../(
......... .  ..............     ........................ ......................(
..........   ..................  .................... ................  ........
...........   .......................................................   ........
............    ....................................................   .........


This is a very simple shellcode stager that is, as of right now, moderately undetected. I chose to load some functions legitimately and then load others dynamically to be less immediately suspicious.

Instructions

  1. Simply generate your own shellcode using msfvenom, donut, PowerShell Empire, etc.
  2. Insert your routable IP in the cpp file. Optionally, you can also change the name of the exported function.
  3. Compile the DLL.
  4. Serve your shellcode on your web server.
  5. rundll32.exe stager.dll,update
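
For defenders, the launch in step 5 plus the download implied by steps 2 and 4 leaves a recognizable pair of events: rundll32.exe loading a DLL from outside the system directories, then opening an outbound connection from the same process. The block below is an added example, not part of this repository; it correlates constructed Sysmon-style events (field names follow Sysmon Event IDs 1 and 3; the GUIDs, paths and IP address are made up).

```python
import re

# Constructed Sysmon-style events: EventID 1 = process create, 3 = network connect.
EVENTS = [
    {"EventID": 1, "ProcessGuid": "A1", "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": "rundll32.exe stager.dll,update"},
    {"EventID": 3, "ProcessGuid": "A1", "Image": r"C:\Windows\System32\rundll32.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 80},
    {"EventID": 1, "ProcessGuid": "B2", "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL desk.cpl"},
    {"EventID": 1, "ProcessGuid": "C3", "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r'"C:\Windows\System32\rundll32.exe" "C:\Users\a\AppData\Local\Temp\x.dll",Start'},
]

# Captures the DLL argument and the export name from "rundll32 <dll>,<export>".
CMD_RE = re.compile(
    r'^\s*"?[^"]*?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>[#\w]+)', re.I)
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

def find_suspicious_rundll32(events):
    """Flag rundll32 launches whose DLL is not in a trusted system directory.

    Severity is "high" when the same process also made a network connection,
    otherwise "medium" (bare DLL names are noisy on their own; tune as needed).
    """
    conns = {}
    for e in events:
        if e["EventID"] == 3:
            conns.setdefault(e["ProcessGuid"], []).append(
                (e["DestinationIp"], e["DestinationPort"]))
    findings = []
    for e in events:
        if e["EventID"] != 1 or not e["Image"].lower().endswith("\\rundll32.exe"):
            continue
        m = CMD_RE.match(e["CommandLine"])
        if not m:
            continue
        dll = m.group("dll").strip()
        if dll.lower().startswith(TRUSTED_DIRS):
            continue  # system DLL loaded by full path, e.g. shell32.dll
        net = conns.get(e["ProcessGuid"], [])
        findings.append({"guid": e["ProcessGuid"], "dll": dll,
                         "export": m.group("export"), "connections": net,
                         "severity": "high" if net else "medium"})
    return findings

if __name__ == "__main__":
    for finding in find_suspicious_rundll32(EVENTS):
        print(finding)
```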

Detections as of 04/2023


License: GNU General Public License v2.0


Languages

Language: C++ 100.0%