EchoStrike: Undetectable Reverse Shells with a Pythonic Twist
EchoStrike
EchoStrike is a tool designed to generate undetectable reverse shells and perform process injection on Windows systems. Through an interactive wizard written in Python, users can customize their binaries with advanced persistence and encryption techniques. The malware code is written in Go, ensuring flexibility and power to meet the attacker’s needs.
EchoStrike allows downloading binaries from any URL and executing them under suspended processes like explorer.exe or cmd.exe, ensuring discreet and covert execution. Additionally, it offers advanced options to adjust the binary size and ensure persistence on the target system.
Features
- Interactive Wizard (Python-based): EchoStrike offers a user-friendly setup wizard, written in Python, guiding users through the customization of reverse shell payloads without the need to manually edit configuration files.
- Custom Persistence Techniques: Supports multiple persistence methods, including:
  - Registry (CurrentUser Run)
  - Registry (Command Processor)
  - Task Scheduler (Admin Required)
  - Startup Folder
- AES Encryption for Payloads: Automatically generates 128-bit AES keys (16-byte hexadecimal format) to encrypt payloads before injection, ensuring shellcode is not detected in memory in its raw form.
- Binary Padding for Evasion: Adjusts the size of the generated binaries by adding padding, making it harder to detect them based on file size analysis.
- Error Logging and Process Management: Includes utilities for logging errors and managing background processes, with options to execute commands without displaying visible windows and to move executables to system folders like `AppData\Roaming` to avoid detection.
- Process Injection: Allows injection of binaries into suspended processes like `explorer.exe`, `cmd.exe`, and `powershell.exe`, enabling in-memory execution to avoid detection.
- Dynamic Download and Execution: EchoStrike allows you to download binaries from any URL and execute them under suspended processes, ensuring discreet delivery and execution of payloads.