main

[sec13b]

main.cpp
for line 59 and 61
the shell code bin must encode in xor ?
or work any shell code bin

[Vasco0x4]

Hi,

First, you need to encrypt your shellcode.bin. For example, you can use encrypt.py, which is in the project. Once encrypted with your XOR key, upload your shellcode in the manner you prefer. Add the link to your shellcode in line 59 and use the same XOR key in line 69 that you used to encrypt your shellcode. You can open the encrypt.py file to see the key used. You can leave the default key and simply encrypt your shellcode with encrypt.py, then upload it without changing the XOR key.

[sec13b]

I was thinking of CSSG to generate a shellcode bin , but i think is more better use the encrypt.py
Xor key must be 5 or can be more characters
thank you a lot

[sec13b]

Build started at 3:23 AM...
1>------ Build started: Project: ShadeLoader, Configuration: Release x64 ------
1>encryption.cpp
1>main.cpp
1>C:\Users\work\Desktop\BypassUAC\ShadeLoader\ShadeLoader\main.cpp(74,5): warning C4002: too many arguments for function-like macro invocation 'DEBUG_PRINT'
1>process_hollowing.cpp
1>protection.cpp
1>self_delete.cpp
1>shellcode_dowloader.cpp
1>slef_destruct.cpp
1>Generating code
1>Previous IPDB not found, fall back to full compilation.
1>All 156 functions were compiled because no usable IPDB/IOBJ from previous compilation was found.
1>Finished generating code
1>ShadeLoader.vcxproj -> C:\Users\work\Desktop\BypassUAC\ShadeLoader\x64\Release\ShadeLoader.exe
1>Done building project "ShadeLoader.vcxproj".
========== Build: 1 succeeded, 0 failed, 0 up-to-date, 0 skipped ==========
========== Build completed at 3:23 AM and took 11.011 seconds ==========

have you tested with cobalt strike or msf ?

[Vasco0x4]

yes it works on Cobalt Strike and Havoc, I never tried with MSF but it should work too