"Working on my 2º 'Drive-By' automated exploit, this module will build a shellcode obfuscated in javascript, and then inserted into a phishing webpage using a HTML javascript TAG, for last my toolkit will launch MitM+DNS_SPOOF to redirect a target to our fake webpage, thats going to execute the shellcode without any target interaction (without download and execute)."
"Working on my 2º 'Drive-By' automated exploit, this module will build a shellcode obfuscated in javascript, and then inserted into a phishing webpage using a HTML javascript TAG, for last my toolkit will launch MitM+DNS_SPOOF to redirect a target to our fake webpage, thats going to execute the shellcode without any target interaction (without download and execute)."
"special thanks to 'SBerry' for is firefox Heap Spray Vulnerabilty exploit"
http://pastebin.com/58z7aFam
projectshellcode
http://www.projectshellcode.com/?q=node/12
shellcode-and-metasploit:
http://resources.infosecinstitute.com/shellcode-and-metasploit/
anti-virus-evasion-using-custom-shellcode
http://www.digitalthreat.net/2012/02/anti-virus-evasion-using-custom-shellcode/
SHELL STORM DATABASE:
http://shell-storm.org/shellcode/
EXPLORING JAVASCRIPT SHELLCODE:
http://cdeaver.com/malware/20090904.htm
http://www.secsavvy.com/exploit-development/generating-shellcode
http://www.shelliscoming.com/2014/03/hidden-bind-shell-keep-your-shellcode.html
https://www.youtube.com/watch?v=T7GtWid5hsw&list=PLzigYO2Gm1T8OynaaSs6ljG6m7kFwBxNF
Last edit: pedro ubuntu 2015-01-04