
Veil-Ordnance is a new tool recently added into the Veil-Framework. It's designed to quickly generate shellcode for exploits or use inside backdoor executables.

Published in: Technology


  1. Veil-Ordnance @ChrisTruncer
  2. Shellcode Generation
       • Shellcode is commonly the medium for payloads within exploits
       • Typically, it’s generated using one of two methods
           • msfvenom
           • msfpayload | msfencode
       • Unless custom written, most people rely on MSF
  3. Veil-Evasion
       • We “outsource” our shellcode generation capabilities
       • Reliance on outside tools can cause problems
       • If msfvenom output changes, our parsing breaks
       • This has happened twice
       • Speed - MSF slow to start (even with simplified framework)
  4. What we need
       • We need a tool that generates shellcode
       • Output doesn’t change
       • Allows us to easily control what we want to parse
       • Still provide some bad character avoidance capabilities
       • Speed is always nice too
  5. Veil-Ordnance
  6. Command Line Driven
  7. Command Line Options
       • -p = Stager Type rev_tcp…
       • --ip = IP (or domain) to connect to
       • --port = Port to connect to or listen on
       • -e = encoder name xor
       • -b = bad characters
       • --print-stats = size, name, etc.
       • --list-payloads
       • --list-encoders
  8. Verbose Output
  9. Veil-Ordnance Info
       • Six different payloads
       • Tried to base off of my experience as most common (rev_tcp, bind_tcp, rev_https, rev_http, rev_tcp_dns, rev_tcp_all_ports)
       • All payloads have been ported from the Metasploit Framework - i.e. I did not write the shellcode!
       • Jon Yates (@redbeardsec) really helped with diving in to learn how these are generated
       • 1 Encoder
       • Single Byte Xor Encoder - Developed by Justin Warner (@sixdub)
  10. Demo Time
  11. I Need Help!
       • Encoders! Please, send me any/all Python POCs!
       • Slowly working through msf encoders
       • Feedback, bugs, etc.!
  12. Thanks! Questions?
       • Get in touch!
       • @ChrisTruncer or @veilframework
       • #Veil on Freenode
       • Chris at veil-framework dot com