
SLoader + Havoc | Bypass SmartScreen (DLL Sideloading: ProtonVPN, SharePoint, OneDrive) | 1/40

Mr_Stuxnot
HDD-drive
User
Registered: 09.06.2023
Messages: 24
Reactions: 53
Escrow (guarantor) deals: 5
SLoader is a simple shellcode loader with an automatic builder panel!
The loader is written in Rust and the panel in PHP. Everything is organized within containers, and to configure it just run:

Code:
docker compose up


---




 
Good Job 🧢
 
Nice one, you leaked what all sorts of anon crypters and other script kiddies who are already blacklisted were using. It was also made in Rust and with shellcode. I didn't get the Chrome part, though: you'll get a red alert if you shove in a folder with just the payload and no junk. Same with Avast: rename the exe and get a popup from it right in your fucking face. Sideloading has a lot of downsides.
 
Yes, DLL sideloading isn't a magic solution to every problem, but in my opinion, it's a lot stealthier than sending an unsigned .exe, a PowerShell script + .lnk or .hta or .vbs.

You mentioned that everything in the tool is already used by "script kiddies." That statement is incorrect. There is no public record of exploiting ProtonVPN for DLL sideloading (AKA 0day) 😅.

The tool is on GitHub. Make your modifications and show us "script kiddies" how to do it better.

You also said that everything will be marked as a virus in the browser. I'm not sure which browser you tested, but I checked everything in four different browsers, and most of them passed without any problems at the time of recording the video!

Even when there is a detection, most of the time it is just in your DLL, which is not correctly cleaned. Just change the source code of the DLL, and everything goes back to 0/26.

These were the payloads used in the video: Payloads and Scan Result. You can check the MD5 hash shown at the end of the video.

I hope I didn't interfere with your sales; it wasn't my intention: https://xss.pro/threads/117922/#post-837966
 
Xd, I don't use sideload; my loader supports it as a crypt. The loader is FUD on scanner.to and doesn't need to be crypted. I'm not selling any sideload. I guess I was the first to write about sideload, in the thread https://xss.pro/threads/117854/, because script kiddies sell shit for $200 as private. I think maybe you did it for AnonCrypter Evild34d, because their language is Rust too. Anyway, it's good that you leaked it. Now people can do crypts for free.
 
You don't know what sideload is, yet you start selling and trashing other sellers' tools, and you think you're a pro while treating other sellers like kids? If you don't know about other sellers, what they sell, and how their tools work, please don't mention anyone without proper knowledge. So, before mentioning anyone, first ask personally.
 
Xd nigga, may be u not know what is it? Why other people post source code of your app? U cant code ur sideload because u not know how get exports. I said kids because puting zip to scanner.to without .dll, scam people fake runtime. Not about u only. Using donut without modification what detected in memory's by windows defender not kids? Man if u not kid rewrite and recompile donut for first if u can. Your friend scammed other people for 400$? I think u know him.
 
Let’s clear a few things up:

First, the SLoader code was created specifically for the competition and is not related to Mr. Anon's project.

I request that Mr. "MoilerRenoiler" provide evidence for his claims, if available, or retract his statements.

Even though both parties are competitors, it's important to show respect. It is not acceptable to mock someone’s work just because you think your own work is better.👍
 
Xd, we're not competitors, just funny guys who talk bullshit when we have time. About proofs: maybe, if he gave the other file that he sent to me and the shellcode loading is the same. The older TG died. I don't do crypts. I'm not saying AnonCrypter is a bad guy; in my opinion, when other people have the same sideloads, it's public shit.
 
You are right, but Barmaleus is exhibiting very rude behavior, claiming that only his product is good while dismissing other sellers' tools as bad. I haven't mentioned this individual anywhere, yet he personally targets me without any reason. I tested his crypt file, which he sent me on Telegram, and it was always detected by Windows Defender. He also tried to force me to buy his detected source code and asked me to send him the full payment without any escrow. He appears to be a complete scammer, with no fraud deposit in xss. I'm not sure why the admin hasn't banned this scammer yet.
 
Haa, give proof about Windows Defender and show me, bullshit guy. Your crypt uses fucking public Donut, which is detected in memory. I haven't sold any crypt stuff or tools since June, maybe.
 
LOL, even you don't know. I use a shellcode encrypter. Only kids use direct Donut shellcode without encryption, like you. That's why you think everyone uses direct Donut files.
 
About the scam: maybe you're a scammer like evild34d. Why are you talking bullshit? Find the chat and see what we talked about. You have a small deposit, and I didn't decline escrow. You used fucking public Donut and added trash to the shellcode so it wouldn't be detected statically, but your file gets fucked by Windows Defender at runtime 😀; recompile Donut first. You're not my target. Just give real information in your topic and real runtime detections with the payload executing, because in your runtime test you didn't give a file to me; I gave to you? Maybe you're a scammer and sent a scanner.to result of another file? Just show the chat to the public, man, and don't talk bullshit.
 
Man, show the chat from Telegram to the public. Why is your shellcode detected statically as Donut? Because you're a kid and can't recompile Donut with another compiler, haa.
 
Your shellcode encrypter is bullshit that adds trash to it; it's not clean at runtime because it's detected as Donut in memory.
 
I don't have time to talk to you here because I'm not a kid like you. At least I have a fraud deposit in my account. You don't even have $100 in your account, so please stop exposing yourself as a scammer. Additionally, I provide a 1-week warranty to all my customers if there's a runtime detection. Mind your own business and don't target other sellers if you're not getting any sales.
 
Has xd u have 0 escrow deals. I did money back if something wrong but u not do it. Your friend mostermc banned there. Good leak bro. Be a nig3r , deposit needed if people not use escrow, I can deposit 0.05 btc but for what? We have escrow in forum. Use public donut for handmade crypt u really kid.
 
Are you really a kid? I don't know who Mostermc is, and you told me he is my friend. But Luxury Shield scammer is your biggest friend. Both of you work together and scam people, so please stop behaving like you're legitimate. If you are really a trustworthy seller, then add a fraud deposit and then start selling. Also, why did you delete your Telegram and clear the chat because there were lots of scam reports on Telegram?
 
Why are you in his group? Proof of the scam, man; one proof, I'm waiting.
 

