veil-ordnance
DESCRIPTION
Veil-Ordnance is a new tool recently added into the Veil-Framework. It's designed to quickly generate shellcode for exploits or use inside backdoor executables.
TRANSCRIPT
Veil-Ordnance
@ChrisTruncer
Shellcode Generation
Shellcode is commonly the medium for payloads within exploits
Typically, it’s generated using one of two methods
msfvenom
msfpayload | msfencode
Unless custom written, most people rely on MSF
Veil-Evasion
We “outsource” our shellcode generation capabilities
Reliance on outside tools can cause problems
If msfvenom output changes, our parsing breaks
This has happened twice
Speed - MSF slow to start (even with simplified framework)
What we need
We need a tool that generates shellcode
Output doesn’t change
Allows us to easily control what we want to parse
Still provide some bad character avoidance capabilities
Speed is always nice too
Veil-Ordnance
Command Line Driven
Command Line Options
-p = Stager Type
rev_tcp…
--ip = IP (or domain) to connect to
--port = Port to connect to or listen on
-e = encoder name
xor
-b = bad characters
--print-stats = size, name, etc.
--list-payloads
--list-encoders
Verbose Output
Veil-Ordnance Info
Six different payloads
Tried to base off of my experience as most common (rev_tcp, bind_tcp, rev_https, rev_http, rev_tcp_dns, rev_tcp_all_ports)
All payloads have been ported from the Metasploit Framework - i.e. I did not write the shellcode!
Jon Yates (@redbeardsec) really helped with diving in to learn how these are generated
1 Encoder
Single Byte Xor Encoder - Developed by Justin Warner (@sixdub)
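An added example, not Veil-Ordnance's code or anything from the talk: what bad character avoidance means for a single-byte XOR encoder, and why the result is trivial for an analyst to reverse. The function names, the sample buffer and the bad-character set are constructed for illustration; how Veil-Ordnance actually picks its key is not shown on these slides.

```python
# Added illustration; not Veil-Ordnance source code.
from typing import List, Optional


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with a single-byte key (the operation is its own inverse)."""
    return bytes(b ^ key for b in data)


def usable_keys(data: bytes, bad: bytes) -> List[int]:
    """Keys 1..255 whose encoded output contains none of the bad bytes.

    Key 0 is skipped because it leaves the data unchanged.
    """
    banned = set(bad)
    return [k for k in range(1, 256) if banned.isdisjoint(xor_bytes(data, k))]


def recover_key(encoded: bytes, marker: bytes) -> Optional[int]:
    """Analyst view: try all 255 keys, return the first that reveals `marker`."""
    for k in range(1, 256):
        if marker in xor_bytes(encoded, k):
            return k
    return None


# Constructed, harmless sample buffer that contains a NUL and a newline.
SAMPLE = b"GET /index.html\x00\n"
# Constructed bad-character set: NUL, LF, CR.
BAD = b"\x00\x0a\x0d"

if __name__ == "__main__":
    keys = usable_keys(SAMPLE, BAD)
    encoded = xor_bytes(SAMPLE, keys[0])
    print(f"{len(keys)} of 255 keys avoid the bad characters")
    print("encoded:", encoded.hex())
    print("recovered key:", hex(recover_key(encoded, b"index.html")))
```

The key space is only 255 values, so brute force against any expected plaintext fragment recovers the key immediately; the encoding removes bad characters but provides no confidentiality.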
Demo Time
I Need Help!
Encoders! Please, send me any/all python POCs!
Slowly working through msf encoders
Feedback, bugs, etc.!
Thanks! Questions?
Get in touch!
@ChrisTruncer or @veilframework
https://www.veil-framework.com
https://www.christophertruncer.com
https://github.com/Veil-Framework
#Veil on Freenode
Chris at veil-framework dot com