Three weeks after the previous release, Shellter v1.9 is now available to download. The new version brings more usability enhancements and cmdline improvements, which make Basic Mode more flexible and powerful.
If Shellter is started without cmdline arguments, it lets the user choose which operation mode to use. As in the previous version, if the user chooses Basic Mode, Shellter asks only for the necessary input and automatically enables the remaining features that will be used.
However, in the previous version the cmdline only allowed the user to specify those necessary inputs, such as ‘target’, ‘payload’, etc., which means that the other features were again enabled by default.
In Shellter v1.9 this has been improved: the cmdline now lets the user customize how Basic Mode is used. This means that if the submitted payload is not encoded, or is something completely custom that handles its own self-decryption, the user can choose not to have Shellter treat it as encoded.
Generally, using encoded payloads is recommended, especially if they are generated by a known framework such as Metasploit. Handling of encoded payloads is enabled by specifying the ‘--enc’ flag on the cmdline.
If this flag is set, then ‘--handler’ also has to be set to tell Shellter how to handle it. There are two options: ‘iat’ and ‘section’.
The first uses pointers from the IAT of the target, while the second permanently changes the memory access permissions of the section where the injection occurred, from inside the PE header.
Using the ‘iat’ option for the ‘--handler’ argument is recommended, also because Shellter will automatically switch to ‘section’ if no suitable pointers are found in the target's IAT. However, depending on the case, the user might prefer the ‘section’ option, since it doesn't require extra injected code to be implemented.
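The ‘section’ handler leaves a lasting trace in the PE header: the injected section's characteristics grant both write and execute. The following is an added example, not Shellter's code and not part of the original post, showing the check a defender would run over a binary: a small parser of the PE section table that reports any W+X section. The sample PE bytes are constructed inline for the demonstration; a real binary would be read from disk.

```python
import struct

# Section characteristic flags from the PE/COFF specification.
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

def section_headers(pe):
    """Return [(name, characteristics)] parsed from the section table of a PE image."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # COFF file header follows the signature
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size             # section table follows the optional header
    out = []
    for i in range(num_sections):
        off = table + 40 * i                 # each IMAGE_SECTION_HEADER is 40 bytes
        name = struct.unpack_from("<8s", pe, off)[0].rstrip(b"\0").decode("ascii", "replace")
        chars = struct.unpack_from("<I", pe, off + 36)[0]   # Characteristics field
        out.append((name, chars))
    return out

def writable_executable_sections(pe):
    """Names of sections granting both WRITE and EXECUTE. A cheap triage signal
    (packers produce the same), not proof of injection on its own."""
    rwx = IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE
    return [name for name, chars in section_headers(pe) if chars & rwx == rwx]

def build_sample_pe(sections):
    """Constructed headers-only PE skeleton for testing (not a loadable binary)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))          # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x0102)
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n, 0, 0, 0, 0, 0, 0, 0, 0, c)
                    for n, c in sections)
    return bytes(dos) + b"PE\0\0" + coff + hdrs

# Constructed sample: a .text section that has been made writable, as after
# the 'section' handler, beside an ordinary .rdata/.data pair.
SAMPLE_PE = build_sample_pe([
    (b".text", IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (b".rdata", IMAGE_SCN_MEM_READ),
    (b".data", IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
])
```

`writable_executable_sections(SAMPLE_PE)` returns `['.text']`; on a clean build of the same layout it returns an empty list.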
Furthermore, with the improved cmdline, even from Basic Mode the user can now choose whether Shellter should generate polymorphic junk code and bind it to the submitted payload. This is done by specifying the ‘--junk’ flag on the cmdline.
In this case too, enabling the option is generally recommended.
To see a full list of options that can be used from the cmdline, start Shellter with ‘--h’, and… don't forget to inject responsibly.
Enjoy,
kyREcon