pedro ubuntu - 2014-12-06


.::[ 'Drive-By' Javascript Shellcode Injection ]:: 
        "Develop Stage -> to be released in version 4.4"

"Working on my 2º 'Drive-By' automated exploit, this module will build a shellcode obfuscated in javascript, and then inserted into a phishing webpage using a HTML javascript TAG, for last my toolkit will launch MitM+DNS_SPOOF to redirect a target to our fake webpage, thats going to execute the shellcode without any target interaction (without download and execute)."

![alternate text](https://db.tt/dcTE5HF7)

"special thanks to 'SBerry' for is firefox Heap Spray Vulnerabilty exploit"
http://pastebin.com/58z7aFam


                "Some Usefull Study Links:

projectshellcode
http://www.projectshellcode.com/?q=node/12

shellcode-and-metasploit:
http://resources.infosecinstitute.com/shellcode-and-metasploit/

anti-virus-evasion-using-custom-shellcode
http://www.digitalthreat.net/2012/02/anti-virus-evasion-using-custom-shellcode/

SHELL STORM DATABASE:
http://shell-storm.org/shellcode/

EXPLORING JAVASCRIPT SHELLCODE:
http://cdeaver.com/malware/20090904.htm

http://www.secsavvy.com/exploit-development/generating-shellcode

http://www.shelliscoming.com/2014/03/hidden-bind-shell-keep-your-shellcode.html

https://www.youtube.com/watch?v=T7GtWid5hsw&list=PLzigYO2Gm1T8OynaaSs6ljG6m7kFwBxNF

        "Start thread By [ r00t-3xp10it ]"
 

Last edit: pedro ubuntu 2015-01-04