
Shellcode replacement. #10

Open
fionafibration opened this issue Aug 21, 2016 · 7 comments

Comments

@fionafibration

How would one go about replacing the payload here with another? Can the current kernel32 stuff be used, or would you have to make your own? I want to be able to use my own encoded shellcode. Thanks, and thank you for making this.

@KernelEquinox
Owner

Sure thing! Just replace the $sc variable with your desired payload and it should work fine. I'm also working on remaking the INO file to make it a little more dev-friendly; I should have a dev branch pushed sometime today.

@fionafibration
Author

Don't you need to initialize kernel32.dll in a different way to run your own, say, the Metasploit "you got pwned" (speech synthesis) shellcode? I haven't even written shellcode before (I am only 14 years old and just playing around with this advanced PowerShell), just wondering what I can run with the default variables. Nice code, by the way.

On Tue, Aug 23, 2016 at 8:27 AM, cry0 notifications@github.com wrote:

> Sure thing! Just replace the $sc variable with your desired payload and it should work fine. I'm also working on remaking the INO file to make it a little more dev-friendly; I should have a dev branch pushed sometime today.


@KernelEquinox
Owner

Thanks! And nah, just pop your own shellcode into the $sc variable and you're good to go. It allocates space in memory with VirtualAlloc() and populates it with memset(), then runs CreateThread() to execute the payload.

@fionafibration
Author

Doesn't it set up where registers go, like the network IP? Or is that handled in the shellcode?

On Aug 24, 2016 1:57 PM, "cry0" notifications@github.com wrote:

> Thanks! And nah, just pop your own shellcode into the $sc variable and you're good to go. It allocates space in memory with VirtualAlloc() and populates it with memset(), then runs CreateThread() to execute the payload.


@KernelEquinox
Owner

The kernel32 module just provides the VirtualAlloc() and CreateThread() functions. The IP and port are part of the shellcode.

@vKVluPhP

What type of payload did you use?
msfvenom generates longer shellcode from windows/powershell_reverse_tcp, although the msf listener could not establish a connection.
Did you use an encoder?

@fionafibration
Author

I used the default, that is already in the code.

On Sep 27, 2016 1:26 PM, "vKVluPhP" notifications@github.com wrote:

> What type of payload did you use?
> msfvenom generates longer shellcode from windows/powershell_reverse_tcp, although the msf listener could not establish a connection.
> Did you use an encoder?

