Shellcode Runner/Injector in Rust using NTDLL functions directly with the ntapi Library

Overview

RustSCRunner

Shellcode Runner/Injector in Rust using NTDLL functions directly with the ntapi Library.

Surprisingly, this is my first ever Rust project. I spent my entire Sunday on it, which I thought I had wasted, but it turned out to be a success. Coding this in Rust was harder than I thought because I'm not used to Rust syntax or the language, and IMHO there appears to be a lack of resources for these shellcode runners. Recently I saw @trickster012 post https://github.com/trickster0/OffensiveRust on Twitter, which inspired me to work on this in something other than my favourite languages C/C++/C#. I usually use a private customised version of DInvoke made by @Jean_Maes_1994, which uses SYSCALLs and also has a 0 detection rate.

I hope that this project inspires more people to make some cool things in Rust or even GO to explore the red team evasion techniques.

XOR Encoded Shellcode

Please note that the shellcode used is an msfvenom payload that is XOR encoded using the following loop in C#:

byte[] encoded = new byte[buf.Length]; // buf holds the raw msfvenom payload
for (int i = 0; i < buf.Length; i++)
{
    encoded[i] = (byte)((uint)buf[i] ^ 0xBE); // change this byte for different XOR encoding.
}

The shellcode is then decoded in the Rust shellcode runner/injector using the following:

let mut shellcode : Vec<u8> = Vec::with_capacity(buf.len()); // buf holds the XOR-encoded payload
for x in &buf {
    shellcode.push(*x ^ 0xBE); // change this byte for different XOR encoding (must match the encoder).
}

Comment out the decoding line if you don't want to use any encoding; if you do use it, make sure the shellcode was encoded with the same byte.
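Single-byte XOR like the loops above is cheap to reverse: an analyst or scanner can try all 256 keys at every offset and look for a known payload prologue. The following is an added example (not part of RustSCRunner) that does exactly that; it assumes the payload is a standard msfvenom Windows stager, whose leading bytes are the well-known prologues listed in the code, and the sample blob is constructed inline.

```rust
// Added example (not part of RustSCRunner): recovering a single-byte XOR key
// from an obfuscated blob, the way an analyst or a YARA-style scanner would.
// Assumption: the payload is an msfvenom Windows stager whose first bytes are
// the well-known prologues below (x64: cld; and rsp,-0x10 / x86: cld; call).
const KNOWN_PROLOGUES: &[&[u8]] = &[
    &[0xFC, 0x48, 0x83, 0xE4, 0xF0], // windows/x64 stagers
    &[0xFC, 0xE8],                   // windows/x86 stagers (short; see note)
];

/// Single-byte XOR, identical to the README's encode/decode loops (XOR is its own inverse).
pub fn xor_bytes(data: &[u8], key: u8) -> Vec<u8> {
    data.iter().map(|b| b ^ key).collect()
}

/// Does `window` decode to `prologue` under `key`?
fn matches_under_key(window: &[u8], prologue: &[u8], key: u8) -> bool {
    window.len() >= prologue.len()
        && window.iter().zip(prologue).all(|(b, p)| b ^ key == *p)
}

/// Scan `haystack` (e.g. a suspicious binary's data section) for a known shellcode
/// prologue hidden under any single-byte XOR key. Returns (offset, key) of the first hit.
pub fn find_xor_encoded_prologue(haystack: &[u8]) -> Option<(usize, u8)> {
    for offset in 0..haystack.len() {
        let window = &haystack[offset..];
        for key in 0u8..=255 {
            if KNOWN_PROLOGUES.iter().any(|p| matches_under_key(window, p, key)) {
                return Some((offset, key));
            }
        }
    }
    None
}

fn main() {
    // Constructed sample: a fake x64 stub (real prologue, dummy tail), XORed with
    // 0xBE as in the README, then embedded after some unrelated bytes.
    let stub = [0xFC, 0x48, 0x83, 0xE4, 0xF0, 0xE8, 0xC0, 0x00, 0x00, 0x00];
    let mut blob = vec![0x00, 0x11, 0x22, 0x33];
    blob.extend(xor_bytes(&stub, 0xBE));
    match find_xor_encoded_prologue(&blob) {
        Some((off, key)) => {
            println!("prologue at offset {} under key 0x{:02X}", off, key);
            println!("decoded: {:02X?}", xor_bytes(&blob[off..], key));
        }
        None => println!("no known prologue found"),
    }
}
```

The two-byte x86 prologue will produce false positives on large inputs (one in 256 offsets by chance), so a real scanner pairs it with a longer signature or verifies the decoded bytes disassemble sensibly.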

0 Detections on Virus Total (Will change after making public)

Detections

https://www.virustotal.com/gui/file/34d2ad3a0c5d603df03ddca8cdaff47545ab427aa9c32dd60e15764b3615abab?nocache=1

PoC

References and Credits
