Shellter is a dynamic shellcode injection tool, and the first truly dynamic PE infector ever created.
It can be used in order to inject shellcode into native Windows applications (currently 32-bit applications only).
The shellcode can be something yours or something generated through a framework, such as Metasploit.
Shellter takes advantage of the original structure of the PE file and doesn’t apply any modification such as changing memory access permissions in sections (unless the user wants), adding an extra section with RWE access, and whatever would look dodgy under an AV scan.
Shellter uses a unique dynamic approach which is based on the execution flow of the target application, and this is just the tip of the iceberg.
Shellter is not just an EPO infector that tries to find a location to insert an instruction to redirect execution to the payload. Unlike any other infector, Shellter’s advanced infection engine never transfers the execution flow to a code cave or to an added section in the infected PE file.
Information about exclusive features offered in Shellter Pro can be found here.
- Compatible with Windows x86/x64 (XP SP3 and above) & Wine/CrossOver for Linux/Mac.
- Portable – No setup is required.
- Doesn’t require extra dependencies (python, .net, etc…).
- No static PE templates, framework wrappers etc…
- Supports any 32-bit payload (generated either by metasploit or custom ones by the user).
- Compatible with all types of encoding by metasploit.
- Compatible with custom encoding created by the user.
- Stealth Mode – Preserves Original Functionality.
- Multi-Payload PE infection.
- Proprietary Encoding + User Defined Encoding Sequence.
- Dynamic Thread Context Keys.
- Supports Reflective DLL loaders.
- Embedded Metasploit Payloads.
- Junk code Polymorphic engine.
- Thread context aware Polymorphic engine.
- User can use custom Polymorphic code of his own.
- Takes advantage of Dynamic Thread Context information for anti-static analysis.
- Detects self-modifying code.
- Traces single and multi-thread applications.
- Fully dynamic injection locations based on the execution flow.
- Disassembles and shows to the user available injection points.
- User chooses what to inject, when, and where.
- Command Line support.
Click here to read more.