bytecode77 / r77-rootkit

Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.
https://bytecode77.com/r77-rootkit
BSD 2-Clause "Simplified" License
1.59k stars 389 forks

Tuto POC #22

Closed Alien3407 closed 2 years ago

Alien3407 commented 2 years ago

Hello, first I want to thank you for this great rootkit. Can you please make a demo or a PoC using Cobalt Strike or Meterpreter shellcode?

bytecode77 commented 2 years ago

You're welcome :)

I'm not familiar with Cobalt Strike. But in order to make r77 easy to deploy, it comes as one single executable, Install.exe. You only need this one file - it already contains both DLLs, etc.

It can be executed using RunPE, so if your Meterpreter supports execution of 32-bit EXE files using RunPE, you can transfer Install.exe like that. Although this is rather generic advice, because like I said, I'm not familiar with Cobalt Strike.

Alien3407 commented 2 years ago

Thanks for the quick answer, keep up the good job.