ShenCode 0.7.0 Update
A few weeks ago, I started writing new modules for ShenCode. The plan was to release version 0.6.2. But, as so often happens, things turned out a little differently. Here’s an overview of the new features:
ByteBert Encoder
I started with the idea of designing an encoder that not only contains encrypted, polymorphic shellcode but also has a decoder stub that is itself polymorphic and changes every time it is recreated.
The result is the ByteBert Encoder. I will go into more detail about the underlying techniques in a dedicated blog post.
Stages
Meterpreter Stager
To better understand Metasploit’s staging techniques, I explored the Meterpreter staging protocol.
Sliver Stager
Since I have become a dedicated Sliver fan, I naturally wanted to code a stager for Sliver as well. Said and done: the Sliver Stager connects to an HTTPS stage, downloads the payload, and injects it. After that, our beacon connects to the Sliver server.
Module Parser
In between, I wanted to improve the module parser, but this turned out to be quite complex. No surprise, since the module parser was overly complicated and nowhere near flexible enough.
So, I decided to rewrite the module parser from scratch.
The new parser supports native ArgParse arguments, and each module is grouped into a higher-level category. This improves clarity and user-friendliness.
Setup.py
Another thing that had bothered me from the beginning was the dependency management between Windows and Linux. I always had to test on both platforms, which was prone to errors.
With setup.py, I separated the packages that do not exist on Linux, so I no longer have to manage them manually.
Another advantage is that you no longer have to enter the full python shencode.py command every time. The command shencode is now registered and can be used directly.
Conclusion
Due to all these changes, I decided to release version 0.7.0. You can download the code at github.com/psycore8/shencode.