Shellcoding // Exploit Writing
  • Sh3llc0d3
    Posts: 1,910
    I'm looking to establish how many people roughly actively code shellcode and software exploits (local and remote), for anyone who asks why: all will become clear in the near future.

    Just score in the poll, multiple choices allowed.
  • McKittrick
    Posts: 194
    this is, for the most part, a newb board from what i see, so i doubt you will find a lot of people claiming to write their own shellcode. some might dabble with it for now. i am curious though, since shellcode and SEH and such is being discussed on here as of late, do we have anyone with knowledge about GDT and KDTs, as well as the IVT? (global/kernel descriptor tables/interrupt vector)

    i mention this since i came across a tool not too long ago written by a very well-versed-in-code gamer (the name eludes me ATM) who wrote a tool to dump the GDT and KDTs. i have never seen a program besides his that could do that
  • Xin
    Posts: 3,251
    I don't code my own shellcode, no.
    Xin
  • Sh3llc0d3
    Posts: 1,910
    said:


    I don't code my own shellcode, no.


    Use Metasploit?
  • Xin
    Posts: 3,251
    said:


    said:


    I don't code my own shellcode, no.


    Use Metasploit?


    Yeah for the most part, it does the job. You?
    Xin
  • Sh3llc0d3
    Posts: 1,910
    Yeah mostly use metasploit, starting to code my own though, simple stuff as I'm yet to get into socket coding in asm. Hopefully will do soon :)
  • D0WNGRADE
    Posts: 220
    I tend to write my own shellcode, I like things from me, not some program doing my job. :P
    I also write my own exploits, for the most part.
  • Sh3llc0d3
    Posts: 1,910
    Thanks for voting D0wngrade :)
  • Well I can code exploits and produce shellcode.... as for actually writing my own shellcode no. For the most part I use metasploit, one question, do you also encode your own shellcode when writing, avoiding bad chars etc... ?
  • undead
    Posts: 822
    I don't code my own shellcode, I use metasploit because it does my job.
    I voted for the second option because I usually re-create exploits for already exploited applications for... training ;)
  • Sh3llc0d3
    Posts: 1,910
    This was/is for a website I coded. I need to get it back online as soon as but funding is low at the moment.

    Well I can code exploits and produce shellcode.... as for actually writing my own shellcode no. For the most part I use metasploit, one question, do you also encode your own shellcode when writing, avoiding bad chars etc... ?



    I can to a varied extent. I code in GAS which limits me to linux obviously - which I prefer. I use Metasploit 9 times out of 10 unless I want something specific, I like having the option. I don't encode my own but I was looking at coding a program to encode shellcode. Gave up a while back though as the website took up a lot of time to code.
  • nu11byte
    Posts: 53
    Yes for both. Although I never go for high reputation software (Have found some remote exploits in some known software). I prefer to know what, why and how I got to exploitation level. Also prefer my own shellcode as I know what I am running. Are you going to make a group? Don't request me, I work alone unless I know others are of a good-professional level.
    said:


    This was/is for a website I coded. I need to get it back online as soon as but funding is low at the moment.

    Well I can code exploits and produce shellcode.... as for actually writing my own shellcode no. For the most part I use metasploit, one question, do you also encode your own shellcode when writing, avoiding bad chars etc... ?



    I can to a varied extent. I code in GAS which limits me to linux obviously - which I prefer. I use Metasploit 9 times out of 10 unless I want something specific, I like having the option. I don't encode my own but I was looking at coding a program to encode shellcode. Gave up a while back though as the website took up a lot of time to code.


    There are already programs out there that convert your code into hex string. I have a few links if you would like 'em?
  • Sh3llc0d3
    Posts: 1,910
    said:


    Yes for both. Although I never go for high reputation software (Have found some remote exploits in some known software). I prefer to know what, why and how I got to exploitation level. Also prefer my own shellcode as I know what I am running. Are you going to make a group? Don't request me, I work alone unless I know others are of a good-professional level.

    said:


    This was/is for a website I coded. I need to get it back online as soon as but funding is low at the moment.

    Well I can code exploits and produce shellcode.... as for actually writing my own shellcode no. For the most part I use metasploit, one question, do you also encode your own shellcode when writing, avoiding bad chars etc... ?



    I can to a varied extent. I code in GAS which limits me to linux obviously - which I prefer. I use Metasploit 9 times out of 10 unless I want something specific, I like having the option. I don't encode my own but I was looking at coding a program to encode shellcode. Gave up a while back though as the website took up a lot of time to code.


    There are already programs out there that convert your code into hex string. I have a few links if you would like 'em?



    No, I'm not making a group. It's fine, the encoding program was going to just be a project to keep me busy ages ago. Got a few more at the mo.