pwn1sher/uuid-loader

UUID Loader

Experimental stage-1 shellcode loader that uses IE COM object methods to fetch the shellcode, which is encoded as UUID strings.

Features

  • Fetches Cobalt Strike shellcode from GitHub using IE COM
  • The shellcode is returned as a bunch of UUID strings
  • Uses the UuidFromStringA callback to load the shellcode into an allocated heap area
  • Dynamic API resolving to make the IAT look clean
  • Multiple preliminary checks before execution
  • Implements BlockDLLs to block non-Microsoft-signed DLLs from being loaded, blocking EDR DLL hooks
  • Does local process injection, avoiding touching a remote process
  • Works fine with Cobalt Strike x64 Stageless Shellcode
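
From the detection side, the "bunch of UUID strings" format is itself the indicator. The following is an added example, not code from this repository: a triage sketch that flags runs of UUID lines in a fetched text body and rebuilds the bytes for hashing. `UuidFromStringA` writes the little-endian GUID layout, which is what Python's `bytes_le` produces. The function names, the `min_run` threshold and the sample body are assumptions made for illustration.

```python
import hashlib
import re
import uuid

UUID_RE = re.compile(
    r"\b[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-"
    r"[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\b"
)

# Constructed sample of a fetched text body: one ordinary request id, then a
# block of UUID lines whose decoded bytes are harmless ASCII.
SAMPLE_BODY = """\
request-id: 123e4567-e89b-12d3-a456-426614174000
status: ok

44434241-4645-4847-494a-4b4c4d4e4f50
34333231-3635-3837-3930-313233343536
44434241-4645-4847-494a-4b4c4d4e4f50
34333231-3635-3837-3930-313233343536
"""

def find_uuid_runs(text, min_run=4):
    """Group UUIDs found on consecutive lines; keep groups of >= min_run."""
    runs, current = [], []
    for line in text.splitlines() + [""]:   # empty sentinel flushes the last run
        found = UUID_RE.findall(line)
        if found:
            current.extend(found)
            continue
        if len(current) >= min_run:
            runs.append(current)
        current = []
    return runs

def decode_run(run):
    """Rebuild the bytes a GUID parser would write (mixed-endian layout)."""
    return b"".join(uuid.UUID(u).bytes_le for u in run)

def triage(text, min_run=4):
    """Summarise each suspicious run for an alert: count, size and SHA-256."""
    report = []
    for run in find_uuid_runs(text, min_run):
        blob = decode_run(run)
        report.append({"uuids": len(run), "size": len(blob),
                       "sha256": hashlib.sha256(blob).hexdigest()})
    return report

if __name__ == "__main__":
    print(triage(SAMPLE_BODY))
```

The lone request id in the sample stays below the threshold, so ordinary responses that carry a single UUID are not flagged.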

Upcoming

  • Obfuscated UUIDs that are deobfuscated before triggering the callback
  • Ability to convert UUIDs to shellcode and inject remotely using thread hijacking
  • Using SGN or custom shellcode encoder before generating UUID Shellcode

Usage

  • Host your shellcode as UUIDs
  • Hardcode the raw link at line 206 of downloader.h

Idea

https://research.nccgroup.com/2021/01/23/rift-analysing-a-lazarus-shellcode-execution-method/

Credits to slaeryan for IE COM code from Wraith

About

UUID based Shellcode loader for your favorite C2
