bytecode77 / r77-rootkit

Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.
https://bytecode77.com/r77-rootkit
BSD 2-Clause "Simplified" License
1.55k stars 383 forks

Help #69

Closed TwoBit69 closed 3 months ago

TwoBit69 commented 5 months ago

I'm not super experienced in using this type of stuff, can someone please help me tho. How do I include this into my own stub?

bytecode77 commented 5 months ago

You can run the installer, or better yet, the shellcode installer by looking at this and this example.

The shellcode installer is described in the documentation (link on the main page). It allows you to run the whole installation process in memory. You can encrypt this file at compile time, if you want.

TwoBit69 commented 5 months ago

Yeah, issue is I don't know how to get the byte array???

bytecode77 commented 5 months ago

There's a ton of tools. After a quick search, I have found this one. Didn't try it, but it should be a simple task to include a file this way.

Totalnoob1164 commented 4 months ago

@TwoBit69 I am probably on the same page as you and I come from a non-programming background. If I get someone to help out, that would be HUGE! Please tell me you got it to work :)