Shellter Pro contains all the awesomeness of the community edition of Shellter, and on top of that introduces some extra advanced features that make it even more powerful, user-friendly, effective and, as always, unique.
Dynamic Payload Injection In DLLs
Payload delivery via executables is cool, but DLLs can be more fun.
Shellter Pro v2.0 introduces dynamic payload injection also for DLLs.
This gives more flexibility to the user and an extra boost to the AV evasion and persistence capabilities of Shellter Pro.
It is a perfect post-exploitation way to demonstrate persistence in Red Team scenarios and/or to deliver extra payloads during pentesting.
Execution Flow Data Files
Time is important. We all know this very well.
Shellter Pro introduces the ‘EFD’ files. These are special files created by Shellter once the first stage filtering of the execution flow has been completed.
They keep all the information that Shellter needs to perform dynamic PE infection of the same quality, without having to go through the tracing stage each time you want to use an application known to Shellter.
By completely eliminating the tracing stage for all your favorite PE targets, you get dynamic PE infection in a blink of an eye.
Combining this feature with command line usage makes Shellter Pro the best thing that can happen to you, whenever you need to deliver an executable on the target host, either directly or via office macros and PowerShell scripts.
Sometimes you might only have one shot. So why waste it by relying on a single payload?
Shellter Pro introduces a unique feature that allows the user to chain up to five payloads in a single injection. Each payload will run independently on a separate thread, so if one fails it will not affect the others.
Note: Not to be confused with the multi-payload infection capability that is also supported in the standard build of Shellter. That one requires restarting Shellter and repeating the entire injection process for each payload. Even though it could be useful, it’s not as fast, effective and advanced as the Multi-Payload Chaining feature of the Pro build.
More Built-In Payloads
In the spirit of ‘time is money’, Shellter Pro introduces a few extra built-in payloads.
Run ‘shellter --list’ to see all the built-in payloads.
New built-in payloads:
Encoding your payload is extremely important, but you might want to use another method of delivery, or maybe you want to submit the payload to Shellter as an already encoded blob of data.
Shellter Pro exposes its proprietary encoder generator to the user as a standalone feature. You can now instruct Shellter Pro to encode a custom payload saved in a file using either a randomly created encoding sequence or your own encoding sequence (see the documentation about the supported encoding operators).
The standalone encoder can even take advantage of some of the polymorphic code generation engine features by adding the ‘--polydecoder’ parameter at the end of the command line.
The output will be a standalone encoded payload merged with a dynamically generated decoder.
Fast PE Compatibility Check
A tool has to work, but it also needs to be as user-friendly as possible. For this reason, Shellter Pro introduces a fast check against your chosen PE target that you can easily use from the command line.
PE File Size Increase
Size matters. Sometimes.
Shellter Pro introduces a unique feature that allows you to increase the size of the PE target whenever this is required/appropriate, and there is a reason behind this.
You would be surprised if you knew how many AV signatures rely on certain file size ranges in order to decide if the engine needs to dig deeper into a PE file or not. This is not an effective solution by itself, but combined with the rest of Shellter’s features, it does give some extra value.
Extra Command Line Arguments
Nobody likes typing long command lines.
For this reason Shellter Pro introduces a couple of extra arguments that can be used to bundle together multiple features in a single argument.
This enables both ‘--polyIAT’ and ‘--polyDecoder’.
This enables ‘--polyIAT’, ‘--polyDecoder’ and ‘--Junk’.
Furthermore, a couple of shorter argument name aliases have been introduced:
i) --pd for --polyDecoder
ii) --pi for --polyIAT
You can still use the long argument names if you prefer.