Skip to content
/ shellsilo Public

SHELLSILO is a cutting-edge tool that translates C syntax into syscall assembly and its corresponding shellcode. It streamlines the process of constructing and utilizing structures, assigning variables, and making system calls. With this tool, integrating strings into your shellcode and initializing Unicode strings has never been easier.

www.github.com/nixpal/shellsilo

License

MIT license
128 stars 13 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

nixpal/shellsilo

BranchesTags

Repository files navigation

☢️ SHELLSILO ☢️

Static Badge

SHELLSILO is a cutting-edge tool that translates C syntax into syscall assembly and its corresponding shellcode. It streamlines the process of constructing and utilizing structures, assigning variables, and making system calls. With this tool, integrating strings into your shellcode and initializing Unicode strings has never been easier.

SHELLSILO has been tested on two different Windows 10 models, and Windows 11.

How does SHELLSILO obtain syscall number ?

  • SHELLSILO imported the syscall number table from https://j00ru.vexillium.org/syscalls/nt/64/ and converted each Windows version to its corresponding model number. By examining the PEB (Process Environment Block), SHELLSILO can easily obtain the model number of the system and compare it to its own model from the 'syscallslist.txt' table.
  • SHELLSILO only compares the syscall APIs used in the code.

Requirements

Installation

  • pip3 install keystone-engine

SHELLSILO supports the following:

  • Reading and parsing structures
  • Structres instances
  • Structres member assignments
  • Infinite while loop
  • If statements
  • Variables definition and assignments
  • Function calls
  • Initializing unicode string
  • Some C constants such as MEM_COMMIT and MEM_RESERVE

Practical Example:

The most practical template of the files provided is the ntwrt.c file.

What's happening in the ntwrt.c file ?

  • The code starts by looping through two syscall apis NtAllocateVirtualMemory, and NtQuerySystemInformation to find a specific running process that you will define in the code. Change the name of the process in the code from "Calculator.exe" to whatever process you want, Example: 'CalculatorApp.exe' (Windows 10). The process name you change will automatically be initialzed as unicode string using ShellSilo's built in function InitUnicodeStr, you don't need to worry about that part.
  • The next step is to allocate enough memory in that process using NtOpenProcess followed by NtAllocateVirtualMemory
  • Next is to copy the buffer on line 108 which is "h" works as a place holder, to the remote process. this is a place holder, after you generate the assembly change this line with your actual payload buffer line, please refer to my Defcon example https://github.com/nixpal/ProcInjectSyscall/blob/main/shellcode.c#L222
  • Finally, the code will create a new thread of that copied buffer using NtCreateThreadEx.

Alt text

Alt text

Alt text

Alt text

Demo

Author

Tarek Ahmed

About

SHELLSILO is a cutting-edge tool that translates C syntax into syscall assembly and its corresponding shellcode. It streamlines the process of constructing and utilizing structures, assigning variables, and making system calls. With this tool, integrating strings into your shellcode and initializing Unicode strings has never been easier.

www.github.com/nixpal/shellsilo

Resources

Readme

License

MIT license
Activity

Stars

128 stars

Watchers

3 watching

Forks

13 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages