
Veil-Ordnance

Date post: 28-Nov-2014
Upload: veilframework
Description:
Veil-Ordnance is a new tool recently added into the Veil-Framework. It's designed to quickly generate shellcode for exploits or use inside backdoor executables.
Veil-Ordnance @ChrisTruncer
Transcript
Page 1: Veil-Ordnance

Veil-Ordnance

@ChrisTruncer

Page 2: Veil-Ordnance

Shellcode Generation

Shellcode is commonly the medium for payloads within exploits

Typically, it’s generated using one of two methods

msfvenom

msfpayload | msfencode

Unless custom written, most people rely on MSF

Page 3: Veil-Ordnance

Veil-Evasion

We “outsource” our shellcode generation capabilities

Reliance on outside tools can cause problems

If msfvenom output changes, our parsing breaks

This has happened twice

Speed - MSF slow to start (even with simplified framework)

Page 4: Veil-Ordnance

What we need

We need a tool that generates shellcode

Output doesn’t change

Allows us to easily control what we want to parse

Still provide some bad character avoidance capabilities

Speed is always nice too

Page 5: Veil-Ordnance

Veil-Ordnance

Page 6: Veil-Ordnance

Command Line Driven

Page 7: Veil-Ordnance

Command Line Options

-p = Stager Type

rev_tcp…

--ip = IP (or domain) to connect to

--port = Port to connect to or listen on

-e = encoder name

xor

-b = bad characters

--print-stats = size, name, etc.

--list-payloads

--list-encoders

Page 8: Veil-Ordnance

Verbose Output

Page 9: Veil-Ordnance

Veil-Ordnance Info

Six different payloads

Tried to base them on what I've found to be most common (rev_tcp, bind_tcp, rev_https, rev_http, rev_tcp_dns, rev_tcp_all_ports)

All payloads have been ported from the Metasploit Framework - i.e. I did not write the shellcode!

Jon Yates (@redbeardsec) really helped with diving in to learn how these are generated

1 Encoder

Single Byte Xor Encoder - Developed by Justin Warner (@sixdub)
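
A single-byte XOR encoder like the one listed above leaves the XOR of adjacent bytes unchanged, so a scanner can match known strings in encoded data without knowing the key. The following is an added example for analysts, not code from the slides or the Veil project; the marker string and the sample bytes are constructed for illustration.

```python
# Added illustration: key-independent detection of single-byte XOR encoding.
# Not Veil-Ordnance code. PLAIN and SAMPLE are constructed, inert test data.
from typing import List, Tuple


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with the same one-byte key."""
    return bytes(b ^ key for b in data)


def delta(data: bytes) -> bytes:
    """XOR of each adjacent byte pair: (p[i]^k) ^ (p[i+1]^k) == p[i] ^ p[i+1],
    so this sequence is identical for the plain and the encoded form."""
    return bytes(a ^ b for a, b in zip(data, data[1:]))


def find_xored(blob: bytes, marker: bytes) -> List[Tuple[int, int]]:
    """Return (offset, key) for every place `marker` occurs in `blob`
    under any single-byte XOR key (key 0 means it is present unencoded)."""
    if len(marker) < 2:
        raise ValueError("marker must be at least 2 bytes long")
    signature = delta(marker)
    deltas = delta(blob)
    hits = []
    start = deltas.find(signature)
    while start != -1:
        # A delta match fixes the key: first encoded byte ^ first marker byte.
        hits.append((start, blob[start] ^ marker[0]))
        start = deltas.find(signature, start + 1)
    return hits


# Constructed sample: harmless text containing a URL, encoded with key 0x5A.
PLAIN = b"constructed sample \x00\x00 stage=http://example.invalid/a"
SAMPLE = xor_bytes(PLAIN, 0x5A)

if __name__ == "__main__":
    for offset, key in find_xored(SAMPLE, b"http://"):
        decoded = xor_bytes(SAMPLE, key)
        print(f"marker at offset {offset}, key 0x{key:02x}: {decoded[offset:]!r}")
```

The same delta signature can be precomputed for each string a detection rule cares about, which avoids decoding the input 255 times.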

Page 10: Veil-Ordnance

Demo Time

Page 11: Veil-Ordnance

I Need Help!

Encoders! Please, send me any/all python POCs!

Slowly working through msf encoders

Feedback, bugs, etc.!

Page 12: Veil-Ordnance

Thanks! Questions?

Get in touch!

@ChrisTruncer or @veilframework

https://www.veil-framework.com

https://www.christophertruncer.com

https://github.com/Veil-Framework

#Veil on Freenode

Chris at veil-framework dot com

