pedro ubuntu - 2014-12-06


.::[ 'Drive-By' Javascript Shellcode Injection ]::

        "Develop Stage -> to be released in version 4.4"

"Working on my 2º 'Drive-By' automated exploit, this module will build a shellcode obfuscated in javascript, and then inserted into a phishing webpage using a HTML javascript TAG, for last my toolkit will launch MitM+DNS_SPOOF to redirect a target to our fake webpage, thats going to execute the shellcode without any target interaction (without download and execute)."

alternate text

"special thanks to 'SBerry' for is firefox Heap Spray Vulnerabilty exploit"
http://pastebin.com/58z7aFam


                "Some Usefull Study Links:

projectshellcode
http://www.projectshellcode.com/?q=node/12

shellcode-and-metasploit:
http://resources.infosecinstitute.com/shellcode-and-metasploit/

anti-virus-evasion-using-custom-shellcode
http://www.digitalthreat.net/2012/02/anti-virus-evasion-using-custom-shellcode/

SHELL STORM DATABASE:
http://shell-storm.org/shellcode/

EXPLORING JAVASCRIPT SHELLCODE:
http://cdeaver.com/malware/20090904.htm

http://www.secsavvy.com/exploit-development/generating-shellcode

http://www.shelliscoming.com/2014/03/hidden-bind-shell-keep-your-shellcode.html

https://www.youtube.com/watch?v=T7GtWid5hsw&list=PLzigYO2Gm1T8OynaaSs6ljG6m7kFwBxNF

        "Start thread By [ r00t-3xp10it ]"
 

Last edit: pedro ubuntu 2015-01-04