Posted by SkyLined on January 11th, 2010 in Assembler, Programming Languages, Security and Shellcode ·
Everyone and their dog seems to want to use download and execute shellcode in their exploits. Even though this has some drawbacks:
You need to create an .exe file on the system, which will very likely draw unwanted attention…
Posted by SkyLined on January 11th, 2010 in Assembler, C/C++, Programming Languages, Security, Shellcode and Tools ·
During shellcode development, it makes sense to have a program that can easily load your shellcode at a controlable location, allows you to set registers and memory to certain values and execute the shellcode by setting EIP through a RET or CALL instruction.
The Testival project aims to do all those things and more: it also allows you to test ret-into-libc attacks, set the type of memory allocation you want (RWE flags, etc…), report exceptions in your code to stdout as well as load DLLs to test shellcode in DllMain.
Testival is used by ALPHA3 for automatically testing if all the en-/decoders work.
Testival requires SkyBuild to automatically build all files.
Posted by SkyLined on January 10th, 2010 in Assembler, PoC, Programming Languages, Python, Security and Tools ·
I realized that if I would wait until I had fully documented everything in ALPHA3, it would probably never get released…
Posted by SkyLined on January 2nd, 2010 in Assembler, Programming Languages, Security and Shellcode ·
One limitation of most alphanumeric shellcode decoders, including those in ALPHA2 and the soon-to-be-released ALPHA3 is that they need to know where they are located in memory in order to decode themselves and run correctly…
Posted by SkyLined on January 2nd, 2010 in Assembler, Programming Languages, Security and Shellcode ·
w32-bind-ngs-shellcode is a small, null-free 32-bit Windows port-binding shellcode. The total shellcode is currently 214 bytes and supports Windows 5.0-7.0 all service packs…
Posted by SkyLined on January 2nd, 2010 in Assembler, C/C++, Programming Languages and Python ·
SkyBuild is a simple build system written in Python that I created to be able to build my source codes in various environments without having to figure out what compilers are installed and having to manually execute them with the right flags and figure out dependencies. It’s similar to “make” in many ways…
Posted by SkyLined on July 22nd, 2009 in Assembler, Programming Languages, Security and Shellcode ·
If you’ve coded shellcode before, you know that the code often needs to find out the base address address where kernel32.dll is loaded in memory. Most publicly available code expects the second entry in the “InitializationOrder” list to be kernel32…
