This tool is intended for educational and ethical hacking purposes only. Always obtain permission before testing any system or application. The developers are not responsible for any misuse or damage caused by this tool.
Environment Setup:
Creating Payload:
We applied -e x64/xor encoding to obfuscate the payload. XOR-ing the shellcode with a key changes its byte pattern, so signature-based tools (antivirus, intrusion detection systems) that match on the raw, unencoded shellcode no longer see the bytes they are looking for. The caveat: the small decoder stub that msfvenom prepends is itself a well-known pattern, and the original shellcode is restored in memory before it runs, so this defeats only simple static signatures on the payload bytes, not memory scanning or behavioural detection. Simple XOR encoding also has low overhead compared with more complex encoders.
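The following is an added example, not code from this tool or from msfvenom, that models what a repeating-key XOR encoder does to a payload: the cleartext signature disappears from the encoded bytes, the same operation decodes it again, and the key is chosen so that neither it nor the encoded output contains bytes the target would choke on (the job msfvenom's -b option does). The payload, the signature and the bad-byte set are constructed for the demo, and the 8-byte repeating key is an assumed simplification of x64/xor.

```python
# Added example (not part of the tool): a minimal model of XOR payload encoding.
# Assumes a repeating 8-byte key (a simplification of msfvenom's x64/xor) and a
# constructed dummy payload; real shellcode would come from msfvenom.
import random
from itertools import cycle
from typing import Optional

# Constructed stand-in for shellcode. It deliberately contains the kind of
# cleartext string a naive signature might match on.
RAW_PAYLOAD = b"\x48\x31\xc0\x48\x31\xff" + b"/bin/sh\x00" + b"\x0f\x05"
SIGNATURE = b"/bin/sh"
BADCHARS = b"\x00\x0a"  # assumed bytes the target input path would truncate on


def xor_encode(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key. Decoding is the identical operation."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def has_badchars(data: bytes, badchars: bytes) -> bool:
    """True if any byte of data is in the bad-byte set."""
    return any(b in badchars for b in data)


def find_clean_key(data: bytes, badchars: bytes, key_len: int = 8,
                   attempts: int = 10000, seed: int = 1) -> Optional[bytes]:
    """Search for a key such that neither the key (it is carried in the clear
    by the decoder stub) nor the encoded output contains a bad byte.
    Returns None if no such key is found within the attempt budget."""
    rng = random.Random(seed)  # seeded so the demo is reproducible
    for _ in range(attempts):
        key = bytes(rng.randrange(1, 256) for _ in range(key_len))  # never 0x00
        if has_badchars(key, badchars):
            continue
        if not has_badchars(xor_encode(data, key), badchars):
            return key
    return None


if __name__ == "__main__":
    key = find_clean_key(RAW_PAYLOAD, BADCHARS)
    encoded = xor_encode(RAW_PAYLOAD, key)
    print("key      :", key.hex())
    print("encoded  :", encoded.hex())
    print("signature in raw    :", SIGNATURE in RAW_PAYLOAD)
    print("signature in encoded:", SIGNATURE in encoded)
    print("round trip ok       :", xor_encode(encoded, key) == RAW_PAYLOAD)
```

The point the example makes is the same as the paragraph above: the encoded bytes no longer contain the signature, but the decoder and key sit in front of the payload in the clear, and the original bytes exist in memory again the moment the stub runs.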
Executing victim process: The vulnerable_process is running as expected and remains in an active state, providing the necessary output:
If we don't have these values, we can still locate the process and a suitable memory region ourselves:
- ps aux | grep vulnerable_process – To find the process ID and verify that the process is still running.
- cat /proc/<pid>/maps – To list the process's memory mappings and identify a region that is both writable and executable (permissions column rwxp). On a binary built with W^X protections no such region will exist, in which case the injection cannot rely on finding one.
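The following is an added example, not part of this tool, that automates the two manual steps above: locating the process by name through /proc/<pid>/comm (which avoids the grep-matches-itself problem of `ps aux | grep`) and parsing the maps listing to pick a region that is writable, executable and large enough for the payload. The maps text is constructed for the demo; the `find_pids_by_comm` helper reads the live /proc on the machine it runs on.

```python
# Added example (not the tool's own code): parse a /proc/<pid>/maps listing and
# select regions that are both writable and executable. The listing below is
# constructed for the demo and is not output from a real vulnerable_process.
import os
import re
from dataclasses import dataclass
from typing import List

SAMPLE_MAPS = """\
55d0c2a00000-55d0c2a01000 r--p 00000000 08:01 1234567 /opt/vulnerable_process
55d0c2a01000-55d0c2a02000 r-xp 00001000 08:01 1234567 /opt/vulnerable_process
55d0c2a02000-55d0c2a03000 rw-p 00002000 08:01 1234567 /opt/vulnerable_process
7f3b4c000000-7f3b4c021000 rwxp 00000000 00:00 0
7f3b4c021000-7f3b4e000000 ---p 00000000 00:00 0
7ffd1a2b0000-7ffd1a2d1000 rw-p 00000000 00:00 0 [stack]
"""

# start-end perms offset dev inode [path]
MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+\S+\s+\S+\s+\d+\s*(.*)$")


@dataclass
class Region:
    start: int
    end: int
    perms: str
    path: str

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_maps(text: str) -> List[Region]:
    """Parse the text of a /proc/<pid>/maps file into Region objects."""
    regions = []
    for line in text.splitlines():
        m = MAPS_LINE.match(line)
        if not m:
            continue  # skip anything that is not a mapping line
        regions.append(Region(int(m[1], 16), int(m[2], 16), m[3], m[4].strip()))
    return regions


def rwx_regions(regions: List[Region], min_size: int) -> List[Region]:
    """Regions that are writable and executable and at least min_size bytes,
    i.e. candidates for dropping shellcode into. Empty on a W^X-hardened target."""
    return [r for r in regions
            if "w" in r.perms and "x" in r.perms and r.size >= min_size]


def find_pids_by_comm(name: str, proc_root: str = "/proc") -> List[int]:
    """Live equivalent of `ps aux | grep <name>` that cannot match itself.
    The kernel truncates comm to 15 characters, so the name is compared truncated."""
    pids = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "comm")) as f:
                if f.read().strip() == name[:15]:
                    pids.append(int(entry))
        except OSError:
            continue  # process exited or is not readable by us
    return pids


def read_maps(pid: int) -> str:
    """Read the live maps file for a PID (needs the same uid or ptrace access)."""
    with open(f"/proc/{pid}/maps") as f:
        return f.read()


if __name__ == "__main__":
    payload_len = 0x200  # assumed payload size for the demo
    for r in rwx_regions(parse_maps(SAMPLE_MAPS), payload_len):
        print(f"rwx candidate: {r.start:#x}-{r.end:#x} ({r.size:#x} bytes) {r.path}")
    print("live pids for vulnerable_process:", find_pids_by_comm("vulnerable_process"))
```

If `rwx_regions` returns nothing for the real target, the process has no mapping that is both writable and executable, which is the normal state of a W^X-hardened binary, and the injection path described on this page has nowhere to place the shellcode without first changing page permissions.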
On the attacker machine a Metasploit listener was set up:
Executing Exploit: