Generating Shellcode using Metasploit


What is Shellcode?



Shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability. It is called “shellcode” because it typically starts a shell/command prompt from which the attacker can control the compromised machine. Shellcode is commonly written in machine code, but any piece of code that performs a similar task can be called shellcode. (Wikipedia)




Tools Needed



1. Metasploit Framework
2. Dev C++ (or you can use a different C compiler)




Generating Shellcode



Using Metasploit we can easily generate shellcode.

Watch this video to see how to generate shellcode and test it with this simple C code.



unsigned char shellcode[] = "put your shellcode here";

int main(void)
{
      // Function pointer that will hold the address of the shellcode buffer
      void (*shell)(void);
      // Point it at the buffer. The array name already decays to its address,
      // so & is not needed; the cast converts the data pointer to a function pointer.
      shell = (void (*)(void))shellcode;
      // Execute shellcode (faults where DEP/NX marks this memory non-executable)
      shell();
      return 0;
}





This is a list of some common shellcode (payloads):

  • Windows Execute Command: Execute an arbitrary command
  • Windows Meterpreter (skape/jt injection), Bind TCP Stager: Listen for a connection, Inject the meterpreter server DLL
  • Windows Executable Download and Execute: Download an EXE from a HTTP URL and execute it
  • Windows VNC Inject (skape/jt injection), Bind TCP Stager: Listen for a connection, Inject the VNC server DLL and run it from memory