PE_Analysis

PE malware training exercises

Stars
3
View Code on GitHub
Ecosystems: C++, Shell

Shellcode development and PE Injection

This project is designed to understand the shellcode development, Portable Executable (PE) file structure and the process of injecting shellcode by modifying its structure.

Features

  • PE Parsing: This program extracts information from PE Headers, including sections, imported modules and more.
  • TCP reverse shell: A shellcode written in MASM that sets up backdoor on Windows. It adds itself to the registry for persistence, establishes a reverse shell to the attacker and dynamically resolves API functions and system calls at run time.
  • Shellcode Injection: Create new section in the PE file and inject tcp reverse shell into it.

Note

This project is designed for educational purposes only.

How to use the reverse shell

Start the listener on port 4444 on the attack machine using netcat nc -lvp 4444 . Make sure to change the ip address of the attacker in the shellcode first.

Related Projects
peekaboo

Simple undetectable shellcode and code injector launcher example. Inspired by RTO malware develop...

21 Jul 2021 174
invoker

Penetration testing utility and antivirus assessment tool.

11 Jul 2019 311
FunctionStomping

Shellcode injection technique. Given as C++ header, standalone Rust program or library.

23 Jan 2022 682