Posts Tagged shellcode

Why Encoding Does not Matter and How Metasploit Generates EXE’s

Payload executables generated by msfencode are commonly detected by antivirus engines, depending on which antivirus engine is used. A common misconception is that the antivirus engines are actually detecting the shellcode, and therefore, the best way to avoid antivirus detection is to pick an encoder that the antivirus engine cannot handle, or encode many times. After […]


Shells, terminals, and sudo mitm

In many situations, you can find yourself with a simple shell, able to read and write stdin/stdout, but some command that you are using requires a full terminal. Example: you got a netcat shell on a server or you’re writing a web application with popen() calls, etc. If you need to execute a command through […]


Shellcode API hashes

For all you shellcoders out there: to make Windows API calling easier, you can use Stephen Fewer’s block_api.asm in the Metasploit tree: http://www.metasploit.com/redmine/projects/framework/repository/revisions/8160/entry/external/source/shellcode/windows/x86/src/block/block_api.asm. But you need the function hashes, which, if you don’t have the DLL on your current OS, or the Python file, or something like that, can be annoying. So I posted a […]
