[framework] Creating Shellcode
Ty Miller
tyronmiller at gmail.com
Thu Feb 7 14:16:46 CST 2008
Thanks mate ... I'll check out the links.
I am currently developing on Linux and am making library calls, which was
one reason why I was turning to Hellkit since it apparently provides a bunch
of inlined syscalls.
So, would you recommend that I merge all of my functions into the main
function so that I can use Hellkit? (taking into account that this is my
first attempt at writing shellcode)
On 2/8/08, H D Moore <hdm at metasploit.com> wrote:
>
> The objdump output does not equal shellcode, especially if you make *any*
> library calls. On Linux and BSD, you can avoid library calls by going
> directly to inlined syscalls in your C code, however, on Windows, you
> really need to access functions inside kernel32 to make any progress.
> Unless you write your C code very carefully (and essentially mimic what
> most Windows shellcode does with regards to finding the base of
> kernel32), it just won't work.
>
> There are a few options available for doing this properly:
>
> InlineEgg - http://oss.coresecurity.com/projects/inlineegg.html
> MOSDEF - http://immunitysec.com/resources-freesoftware.shtml
> METASM - http://metasm.cr0.org/ (C compiler is new, not sure if it does
> Windows yet)
>
> -HD
>
> On Thursday 07 February 2008, macubergeek at comcast.net wrote:
> > I just ran objdump -Dslx against nc.exe on a Linux box. It seems to
> > work ok. Can you see any reason why objdump wouldn't work properly
> > against windows executables as well as Linux binaries?
>
>
>
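The two points HD makes above (that objdump output of a binary with library calls is not shellcode, and that on Linux you can sidestep libc with inlined syscalls) can be checked in code. The following is an added example written for this archive page; it is not from the thread, from Hellkit, or from any of the tools HD lists. The payload half assumes Linux on x86-64 (syscall numbers 1 for write and 60 for exit, registers per the x86-64 ABI) and is compiled out elsewhere; the blob checker is a byte heuristic, not a disassembler, and the two sample blobs are constructed for illustration.

```c
/*
 * Added example, not code from the mailing-list thread.
 *
 * Part 1: a libc-free function that can be lifted out as raw bytes
 *         (Linux x86-64 only; guarded so the file compiles elsewhere).
 * Part 2: a portable sanity check on an extracted blob for the two things
 *         that silently break "objdump output as shellcode": NUL bytes and
 *         rel32 call/jmp instructions whose target lies outside the blob
 *         (i.e. a call into a PLT stub or libc that is no longer there).
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#if defined(__linux__) && defined(__x86_64__)
/* Raw three-argument syscall. The syscall instruction clobbers rcx and r11. */
static inline long sys3(long nr, long a1, long a2, long a3)
{
    long ret;
    __asm__ volatile ("syscall"
                      : "=a"(ret)
                      : "a"(nr), "D"(a1), "S"(a2), "d"(a3)
                      : "rcx", "r11", "memory");
    return ret;
}

static inline long sys_write(int fd, const void *buf, unsigned long n)
{
    return sys3(1, fd, (long)buf, (long)n);      /* __NR_write == 1 */
}

static inline void sys_exit(int code)
{
    sys3(60, code, 0, 0);                         /* __NR_exit == 60 */
    __builtin_unreachable();
}

/*
 * The would-be payload: no libc, and the message is built on the stack so
 * nothing references .rodata (an assumed layout for an extractable .text).
 * Extract with, for example:
 *   gcc -O2 -fPIC -fno-stack-protector -fno-asynchronous-unwind-tables -c sc.c
 *   objcopy -O binary -j .text sc.o sc.bin
 */
void payload(void)
{
    char msg[3] = {'h', 'i', '\n'};
    sys_write(1, msg, sizeof msg);
    sys_exit(0);
}
#endif

/* Result of scanning an extracted byte blob. */
typedef struct {
    size_t nul_bytes;          /* 0x00 bytes: fatal for string-copy delivery   */
    size_t external_branches;  /* E8/E9 rel32 whose target is outside the blob */
} blob_report;

/* Heuristic scan: any 0xE8/0xE9 followed by four bytes is treated as a
 * call/jmp rel32. Immediates and other operands can produce false hits,
 * so treat a non-zero count as "go look", not as proof. */
blob_report check_blob(const uint8_t *p, size_t len)
{
    blob_report r = {0, 0};
    for (size_t i = 0; i < len; i++) {
        if (p[i] == 0x00)
            r.nul_bytes++;
        if ((p[i] == 0xE8 || p[i] == 0xE9) && i + 5 <= len) {
            int32_t rel = (int32_t)((uint32_t)p[i + 1]
                                  | ((uint32_t)p[i + 2] << 8)
                                  | ((uint32_t)p[i + 3] << 16)
                                  | ((uint32_t)p[i + 4] << 24));
            int64_t target = (int64_t)(i + 5) + rel;   /* rel is from next insn */
            if (target < 0 || target >= (int64_t)len)
                r.external_branches++;
        }
    }
    return r;
}

/* Constructed samples (not dumped from any real binary). */
/* xor rax,rax ; call +0x10  -> three NULs and a call past the end of the blob */
const uint8_t sample_bad[]  = {0x48, 0x31, 0xC0, 0xE8, 0x10, 0x00, 0x00, 0x00};
/* xor eax,eax ; call -7 (back to offset 0) ; pop rbx -> NUL-free, self-contained */
const uint8_t sample_good[] = {0x31, 0xC0, 0xE8, 0xF9, 0xFF, 0xFF, 0xFF, 0x5B};

int main(void)
{
    blob_report b = check_blob(sample_bad,  sizeof sample_bad);
    blob_report g = check_blob(sample_good, sizeof sample_good);
    printf("bad : %zu NUL byte(s), %zu external branch(es)\n",
           b.nul_bytes, b.external_branches);
    printf("good: %zu NUL byte(s), %zu external branch(es)\n",
           g.nul_bytes, g.external_branches);
    return 0;
}
```

The checker flags exactly the failure HD describes: a `call` that was resolved against libc or kernel32 inside the original executable points at nothing once the bytes are copied out. Running it over `sc.bin` after the objcopy step above is a quick way to confirm that the inline-syscall version has no such edges before spending time on a harness.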