Metasploit mailing list archives
Creating Shellcode
From: thekillermafia at hotmail.com (The KiLLeR MaF!a)
Date: Fri, 8 Feb 2008 01:40:08 +0000
ok i think i have somting might helps u .. the program , is a "shellcode creator" ,there are 2 files in "SSCC.zip" (attachment).. use the "NASM.exe" to compile uer code ..and the use "shellcode.exe" the convert uer exe output to shellcode.. ex , "shellcode exploit.exe" then u find shellcode.txt... ps: u can use the shellcode.exe with any *.exe file..u dont have to use first NASM.exe ,but i think its better to make more smalll size... good luck. Date: Fri, 8 Feb 2008 06:57:39 +1100From: tyronmiller at gmail.comTo: framework at metasploit.comSubject: Re: [framework] Creating Shellcode Hey nnp, It would definitely make life easier, however, I have to pass the entire payload in the exploit. Ty On 2/7/08, nnp <version5 at gmail.com> wrote: Hey, Does your shellcode have to be that program? Would it be feasible to use an automatic download/run payload and just grab your program from elsewhere? It would probably make your life a lot easier. nnp On Feb 7, 2008 9:53 AM, Ty Miller <tyronmiller at gmail.com> wrote: After having a look at Hellkit, it looks like it does a fair bit of useful stuff for creating shellcode. One of the downsides is that it says that I can't use functions within my C program for Hellkit to work. My program is currently 370 lines of C code and has 5 different functions for code reuse, with a few of them being about 40 or 50 lines long. I can merge the functions into the main function, but this is going to make the program a fair bit larger, and I assume that this is going to make the shellcode a fair bit larger. I'm already concerned about the size of the shellcode as it stands. Is this correct? What do you guys suggest? Besides having limited space with stack exploits, are there any other downsides to having large shellcode for other types of exploits? Thanks, Ty On 2/7/08, base64 <basehat at gmail.com> wrote: hellkit and some similar unix tools can be found at : http://packetstormsecurity.nl/I am unaware of a likewise tool for win32, however milw0rm has a fairly large repository of interesting shellcodes. On Feb 6, 2008 3:34 PM, Ty Miller <tyronmiller at gmail.com> wrote: Hey All, Does anyone know where I can get my hands on Hellkit? Does Metasploit have a similar function? Any other tools or techniques that you would like to recommend to convert a C program to shellcode would also be great? Thanks, Ty -- Best Regards,Adrian CastroSenior Software Engineer(310)765-0627 -- http://www.smashthestack.orghttp://www.unprotectedhex.com _________________________________________________________________ Connect and share in new ways with Windows Live. http://www.windowslive.com/share.html?ocid=TXT_TAGHM_Wave2_sharelife_012008 -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.metasploit.com/pipermail/framework/attachments/20080208/3bb78548/attachment.htm> -------------- next part -------------- A non-text attachment was scrubbed... Name: sscc.zip Type: application/x-zip-compressed Size: 128077 bytes Desc: not available URL: <http://mail.metasploit.com/pipermail/framework/attachments/20080208/3bb78548/attachment.bin>
Current thread:
- can there be a succeeded exploit?, (continued)
- can there be a succeeded exploit? Prince Brave (Feb 06)
- can there be a succeeded exploit? H D Moore (Feb 06)
- can there be a succeeded exploit? Prince Brave (Feb 06)
- can there be a succeeded exploit? Prince Brave (Feb 06)
- Creating Shellcode macubergeek at comcast.net (Feb 07)
- Creating Shellcode H D Moore (Feb 07)
- Creating Shellcode J.M. Seitz (Feb 07)
- Creating Shellcode Ty Miller (Feb 07)
- Creating Shellcode Leo Jackson (Feb 08)
- Creating Shellcode H D Moore (Feb 09)
- Creating Shellcode H D Moore (Feb 07)
- Creating Shellcode Leo Jackson (Feb 08)