mirror of
https://github.com/dobin/SuperMega
synced 2026-06-03 01:27:11 +00:00
Dobin
99 lines
4.2 KiB
Markdown
99 lines
4.2 KiB
Markdown
# SuperMega - Cordyceps Implementation
|
|
|
|
> Ophiocordyceps camponoti-balzani is a species of fungus that parasitizes
|
|
> insect hosts of the order Hymenoptera, primarily ants. O.
|
|
> camponoti-balzani infects ants, and eventually kills the hosts after
|
|
> they move to an ideal location for the fungus to spread its spores.
|
|
|
|
Ophiocordyceps camponoti-balzani
|
|
|
|
|
|
## What
|
|
|
|
SuperMega is a shellcode loader. It will take a shellcode as input, protects it, adds a loader,
|
|
and injects the resulting shellcode into an exe.
|
|
|
|
FUD.
|
|
|
|
And:
|
|
* Only works with 64 bit (shellcode and infecteble exe's)
|
|
|
|
Features:
|
|
* Loader source is C yay
|
|
* Execution-Guardrails
|
|
* Environment variables
|
|
* configurable implementation
|
|
* different EXE injection techniques
|
|
|
|
Plugins:
|
|
* source style:
|
|
* PEB_WALK
|
|
* IAT_REUSE
|
|
* alloc style:
|
|
* RWX
|
|
* REUSE_RWX
|
|
* decoder style:
|
|
* PLAIN_1
|
|
* XOR_1
|
|
* dataref style:
|
|
* APPEND
|
|
|
|
|
|
## Directories
|
|
|
|
* `shellcodes/`: Input: Shellcodes we want to use as input (payload)
|
|
* `source/`: Input: Loader C templates
|
|
* `plugins/`: Input: Loader C implementations
|
|
* `exes/`: Input: Nonmalicious EXE files we inject into
|
|
* `build/`: build: Temporary files during build process
|
|
* `logs/`: build: Files generated by building (inspect for debugging)
|
|
* `out/`: output. The generated result: infected exe
|
|
|
|
## Installation
|
|
|
|
### Paths
|
|
|
|
Configure `config.yaml` with:
|
|
* Path to Visual Studio 2022 compiler and assembler
|
|
* Path to mash_shc and runshc: https://github.com/hasherezade/masm_shc.
|
|
|
|
`config.yaml`:
|
|
```yaml
|
|
path_cl: 'C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\bin\Hostx64\x64\cl.exe'
|
|
path_ml64: 'C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\bin\Hostx64\x64\ml64.exe'
|
|
|
|
path_masmshc: 'C:\Users\hacker\Source\Repos\masm_shc\out\build\x64-Debug\masm_shc\masm_shc.exe'
|
|
path_runshc: 'C:\Users\hacker\Source\Repos\masm_shc\out\build\x64-Debug\runshc\runshc.exe'
|
|
```
|
|
|
|
Make sure its the `Hostx64/x64/` one exe. Make sure to compile
|
|
msmshc and runshc as 64bit. You can also replace runshc with
|
|
your own shellcode loader.
|
|
|
|
### Environment Variables
|
|
|
|
Use
|
|
```
|
|
"C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Auxiliary\Build\vcvars64.bat"
|
|
```
|
|
|
|
or the VS developer console to find the damn environment variables, and set
|
|
it in your python console. In my case:
|
|
```
|
|
$env:INCLUDE = "C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\include;C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\ATLMFC\include;C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Auxiliary\VS\include;C:\Program Files (x86)\Windows Kits\10\include\10.0.22621.0\ucrt;C:\Program Files (x86)\Windows Kits\10\\include\10.0.22621.0\\um;C:\Program Files (x86)\Windows Kits\10\\include\10.0.22621.0\\shared;C:\Program Files (x86)\Windows Kits\10\\include\10.0.22621.0\\winrt;C:\Program Files (x86)\Windows Kits\10\\include\10.0.22621.0\\cppwinrt;C:\Program Files (x86)\Windows Kits\NETFXSDK\4.8\include\um"
|
|
$env:LIB="C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\ATLMFC\lib\x64;C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\lib\x64;C:\Program Files (x86)\Windows Kits\NETFXSDK\4.8\lib\um\x64;C:\Program Files (x86)\Windows Kits\10\lib\10.0.22621.0\ucrt\x64;C:\Program Files (x86)\Windows Kits\10\\lib\10.0.22621.0\\um\x64"
|
|
$env:LIBPATH="C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\ATLMFC\lib\x64;C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\lib\x64;C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\lib\x86\store\references;C:\Program Files (x86)\Windows Kits\10\UnionMetadata\10.0.22621.0;C:\Program Files (x86)\Windows Kits\10\References\10.0.22621.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319"
|
|
```
|
|
|
|
### VS2022 Components
|
|
|
|
A list of packages/components which may be required for Visual Studio 2022:
|
|
* C++ 2022 Redistributable Update
|
|
* C++ Build Insights
|
|
* C++ CMake tools for windows
|
|
* C++ /CLI support for v143 build tools (lastest)
|
|
* MSBuild
|
|
* MSVC v133 - VS 2002 C++ x64/x86 build tools (latest)
|
|
* C++ ATL for latest v143 build tools (x86 & x64)
|
|
* C++ MFC for latest v143 build tools (x86 & x64)
|
|
* Windows 11 SDK |