Tag Archives: post exploitation

Shellter V [5.5] -Released-

This is an urgent update that fixes a couple of bugs in the user-defined-encoding-sequence feature that was introduced in version 5.4.
The first bug was reported by and it would cause a valid encoding sequence defined by the user in Manual mode to be considered as invalid, thus making this feature unusable from this operation mode. The second bug, was discovered while I was testing the fix for the first one, and this is really ‘nasty’.
Continue reading Shellter V [5.5] -Released-

Shellter V [5.4] – User Defined Encoding Sequence

Despite the fact that Shellter v5.3 was just released, I am already working on the next version which will be hopefully out quite soon.

So what’s new in the upcoming Shellter V [5.4] , you might be asking yourself.
Well, the new version introduces the ‘user defined encoding sequence’ feature.
What that means, is that optionally the user will be able to define a custom encoding sequence using the supported encoding operators.
Continue reading Shellter V [5.4] – User Defined Encoding Sequence

Using domain names as LHOST

A lot of people have been asking me to support domain names directly from Shellter in the LHOST parameter.
This is something that I am planning to implement in the upcoming version (v5.2) of Shellter. If you need this right now, then you can generate the payload in raw format from metasploit and feed it to Shellter.
However, this is also a good opportunity to make some things clear about setting domain names as LHOST parameter at the various payloads that support reverse connection back to the attacker’s server.
While some people might be aware of what actually happens in the background during the payload generation in metasploit regarding this matter, it also came to my attention that not everyone is.
Continue reading Using domain names as LHOST