Project Shellcode

Hey johnacandy,

I have to agree with joanelis that a Shellcode Generator generates shellcode.

... but to give a more detailed answer, I'll assume that you are referring to Shellcode Tutorial 9: Generating Shellcode Using Metasploit.

Metasploit is an exploit framework that contains a shellcode generator "msfpayload", which provides you with the ability to create shellcode for:

- different platforms, such as Linux, Windows, OSX, BSD, AIX, Solaris, Netware, etc.

- different hardware types, such as x86, ppc, ppc64, sparc, iPhone, etc.

- different shellcode functions, such as reverse connections, HTTP tunneling, port bind, spawn a shell, run a command, and of course a meterpreter payload.

- different encodings, which may be required for the shellcode to run in different exploits.

Beyond that, you are better off working through the tutorials to learn how shellcode works, and playing with msfencode as detailed in tutorial 9.

In terms of getting shellcode to run via an image, you are basically talking about finding an image exploit that you can place shellcode into. This is what joanelis is saying by exploiting a vulnerability in an image reader.

Other less common techniques may be to embed an executable payload within either a PDF, which was a recent technique that was released, or within a GIFAR attack (combined GIF and JAR file - http://www.blackhat.com/presentations/bh-jp-08/bh-jp-08-McFeters/BH_US_0...).

Hope this helps,
Ty