Veil-Ordnance is a new tool recently added into the Veil-Framework. It's designed to quickly generate shellcode for exploits or use inside backdoor executables.
2. Shellcode Generation
Shellcode is commonly the medium for payloads within exploits
Typically, it’s generated using one of two methods
  msfvenom
  msfpayload | msfencode
Unless custom written, most people rely on MSF
3. Veil-Evasion
We “outsource” our shellcode generation capabilities
Reliance on outside tools can cause problems
If msfvenom output changes, our parsing breaks
This has happened twice
Speed - MSF slow to start (even with simplified framework)
4. What we need
We need a tool that generates shellcode
Output doesn’t change
Allows us to easily control what we want to parse
Still provide some bad character avoidance capabilities
Speed is always nice too
7. Command Line Options
-p = Stager Type
  rev_tcp…
--ip = IP (or domain) to connect to
--port = Port to connect to or listen on
-e = encoder name
  xor
-b = bad characters
--print-stats = size, name, etc.
--list-payloads
--list-encoders
9. Veil-Ordnance Info
Six different payloads
Tried to base off of my experience as most common (rev_tcp, bind_tcp, rev_https, rev_http, rev_tcp_dns, rev_tcp_all_ports)
All payloads have been ported from the Metasploit Framework - i.e. I did not write the shellcode!
Jon Yates (@redbeardsec) really helped with diving in to learn how these are generated
1 Encoder
Single Byte Xor Encoder - Developed by Justin Warner (@sixdub)
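An added Python illustration (not Veil-Ordnance's own code, which this page does not show) of what bad-character avoidance means for a single-byte XOR encoder: which keys leave no bad byte in the output, when no such key exists, and how quickly an analyst recovers the key. The function names, the sample bytes and the rule that the key itself must not be a bad character are assumptions made for the example.

```python
# Added illustration (not Veil-Ordnance code); SAMPLE and BAD are constructed.

def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with one key byte; applying it twice restores the input."""
    return bytes(b ^ key for b in data)


def usable_keys(data: bytes, bad_chars: bytes) -> list[int]:
    """Keys 1-255 where neither the key itself nor any encoded byte is 'bad'.

    Assumption: the key is checked too, since a decoder must carry it with the data.
    """
    bad = set(bad_chars)
    return [k for k in range(1, 256)
            if k not in bad and all((b ^ k) not in bad for b in data)]


def recover_keys(encoded: bytes, marker: bytes) -> list[int]:
    """Analyst's view: try all 255 keys, keep those whose output shows marker."""
    return [k for k in range(1, 256) if marker in xor_bytes(encoded, k)]


SAMPLE = b"constructed\x00sample\nbuffer"   # benign, constructed test bytes
BAD = b"\x00\x0a\x0d"                        # NUL, LF, CR

if __name__ == "__main__":
    keys = usable_keys(SAMPLE, BAD)
    encoded = xor_bytes(SAMPLE, keys[0])
    print(f"{len(keys)} usable keys, first = {keys[0]:#04x}")
    print("bad bytes left:", sorted(set(encoded) & set(BAD)))
    # Every byte value present: any key maps some byte onto the bad character.
    print("keys for all-256 input:", usable_keys(bytes(range(256)), b"\x00"))
    print("recovered:", recover_keys(encoded, b"sample"))
```

The encoding removes specific byte values and nothing more: with only 255 candidate keys, any known substring of the original is enough to recover the key.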
11. I Need Help!
Encoders! Please, send me any/all Python POCs!
Slowly working through msf encoders
Feedback, bugs, etc.!
12. Thanks! Questions?
Get in touch!
@ChrisTruncer or @veilframework
https://www.veil-framework.com
https://www.christophertruncer.com
https://github.com/Veil-Framework
#Veil on Freenode
Chris at veil-framework dot com