Thursday, July 14, 2011

Shellcode: Easy way to write shellcode for Windows

Compromising a box, writing an exploit of your own and getting a zero day is the dream of many people (script kiddies and noobs). Hacking does not mean defacing only. What I feel is that, in order to become an elite in this field, one needs to be good at programming; only then can one come up from the level of a noob or script kiddie to an elite.
Here in this post we will see how we can write shellcode for Windows, using Metasploit.

What is a Shellcode?
Shellcode is the operational code that gives a shell or a command console of the victim system for further operation. It is self-sufficient and should be undetectable by firewalls and IDS/IPS.

Types of Shellcode (Windows):
1. Hardcoded Address Shellcode: Here the address of the syscall is coded along with the shellcode.
2. Non-hardcoded Address Shellcode: Here the address of the syscall is not coded; instead the addresses are obtained from the executing process.

Let's see how we can write a shellcode using Metasploit. Here you do not have to write the code for the payload; instead you can use the pre-supplied code in Metasploit.

Requirements:
1. Metasploit
2. DEV C++ or MS Visual C++
3. Virtual environment (VMware or VirtualBox)

Procedure:
Step 1. Open Metasploit web, as it is easy to use because of its GUI. It will open up in the default browser of the system as shown below. Click on the "Payloads" option in the interface.
Step 2. Now search for "Windows command", then scroll down to find "Windows command shell, Bind TCP (inline)" and click on it. You may use some other payload according to your desire.
Step 3. Now you can see there are a few blank fields, so fill in the necessary details as shown in the image below. Here LPORT is the local port and RHOST is the remote host's IP address (victim box). Since I want it as a C program, I have chosen the "format" as C. After all the options are set, click on Generate.
Step 4. Now open up your desired compiler; here I have used DEV C++. Open up a new source file as shown below.
Step 5. Now copy the payload code and paste it into either of the two code listings mentioned below.
Note: Replace unsigned char securityhunk[ ] = "put your shellcode here"; with the payload code and change the "buf" in the payload code to the desired array name; here it is "securityhunk". Confused? Follow the image below to get clear.
Step 6. Save the code with a desired name and with the .C extension. Then press Ctrl+F9 (Compile) and Ctrl+F10 (Run) to build and run the code.
Step 7. Now open up a command prompt and type "netstat -a", and you can see the shellcode has bound to the desired port, here "4444", as shown in the image below.
By: Satyajit Das
Disclaimer: This post is for educational purposes, so the author will not be held responsible for any damage done using this post.

1 Visitor Reactions & Comments:

Debasishm89 said...

This is not really writing shell code..!! It's just the way of executing a created one..!!