-
ShellCloak is a new technique to separate the shellcode from the dropper without downloading anything to the vitctim's machine. The way how this works is it uses Chrome's and Firefox's history database to our advantage.
-
First it will generate meterpreter x86 powershell then it will use that shellcode as a URL on THREE parts. So there will be THREE redirections using javascript files. Each redirection will take 1 part from the shellcode and of course Chrome or Firefox will store that URL in it's history database which we will access later.
-
By doing that we are bypassing AV and IDS since we are not doing anything to the target box lol, it's the browser itself doing that for us. Thank you Chrome and Firefox for your cooperations :D.
-
Once all the 3 parts stored in Chrome's or Firefox's database, we open that database using our C code and put all the pieces together and then execute it.
-
Since the dropper itself doesn't have anything inside it, it should be almost 100% undetectable and clean.
-
The javascript file will detect the browser and will redirect the user based on that browser.
-
Notifications
You must be signed in to change notification settings - Fork 4
A tool to teleport shellcode to victim's device without triggering IDS or AV 100% FUD
License
nixpal/shellcloak
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
About
A tool to teleport shellcode to victim's device without triggering IDS or AV 100% FUD
Resources
License
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published