Everyone and their dog seems to want to use download-and-execute shellcode in their exploits, even though this has some drawbacks:
You need to create an .exe file on the system, which will very likely draw unwanted attention…
During shellcode development, it makes sense to have a program that can easily load your shellcode at a controllable location, lets you set registers and memory to certain values, and executes the shellcode by setting EIP through a RET or CALL instruction.
The Testival project aims to do all those things and more: it also allows you to test ret-into-libc attacks, set the type of memory allocation you want (RWE flags, etc…), report exceptions in your code to stdout as well as load DLLs to test shellcode in DllMain.
Testival is used by ALPHA3 for automatically testing if all the en-/decoders work.
Testival requires SkyBuild to automatically build all files.
w32-bind-ngs-shellcode is a small, null-free 32-bit Windows port-binding shellcode. The total shellcode is currently 214 bytes and supports Windows 5.0-7.0 all service packs…
If you’ve coded shellcode before, you know that the code often needs to find out the base address where kernel32.dll is loaded in memory. Most publicly available code expects the second entry in the “InitializationOrder” list to be kernel32…
I’ve put some of the ASCII Art I’ve created over the years online here. This includes never before publicly released ASCII Art shellcode.