Shellcode

A sequence of bytes in machine-code form, directly interpretable by the CPU. Because it must be executed by the CPU, shellcode depends on the underlying architecture, processor, and operating system.

msfvenom

A tool belonging to the Metasploit framework that generates payloads and encodes them.

For reverse shell payloads you also have to set up a listener with multi/handler.

msfvenom -l [payloads/formats/encoders/…]
msfvenom -p <PAYLOAD> --list-options
msfvenom -p <PAYLOAD> <PAR=VAL> -a <ARCH> -f <exe/elf/etc.> -o <FILENAME>

Encoding

msfvenom -p <PAYLOAD> -e x86/shikata_ga_nai -i 10 -b '\x00' ...
msfvenom -p <PAYLOAD> -k -x winRAR.exe

Where

  • -i number of encoding iterations

  • -e encoder to use (here x86/shikata_ga_nai)

  • -b bad characters the encoded payload must not contain (e.g. '\x00')

  • -x use a custom executable file as a template; the template's original behavior is not preserved

  • -k keep the template's behavior and inject the payload as a new thread
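As an added example (not part of these notes or of the Metasploit project), the following C code decodes the \xNN string form that gets pasted into the test harness below and reports the first byte that falls in a bad-character set like the one given to -b; the function names and the sample bytes are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
/* Bad characters, as you would pass them to msfvenom -b '\x00\x0a\x0d'. */
static const unsigned char badchars[] = { 0x00, 0x0a, 0x0d };
static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode the "\xNN" string form (what gets pasted into char code[]) into raw
 * bytes. Returns the byte count, or -1 on a malformed/truncated escape or overflow. */
long decode_hex_escapes(const char *s, unsigned char *out, size_t outlen) {
    size_t n = 0;
    while (*s) {
        if (s[0] != '\\' || s[1] != 'x') return -1;
        int hi = hexval(s[2]), lo = hi < 0 ? -1 : hexval(s[3]);
        if (hi < 0 || lo < 0 || n >= outlen) return -1;
        out[n++] = (unsigned char)(hi * 16 + lo);
        s += 4;
    }
    return (long)n;
}

/* Offset of the first byte of buf found in the bad set, or -1 if none (the property -b asks the encoder to guarantee). */
long first_badchar(const unsigned char *buf, size_t len,
                   const unsigned char *bad, size_t nbad) {
    unsigned char table[256] = {0};
    for (size_t i = 0; i < nbad; i++) table[bad[i]] = 1;
    for (size_t i = 0; i < len; i++)
        if (table[buf[i]]) return (long)i;
    return -1;
}

/* Decode s and check it against badchars: offset of the first bad byte,
 * -1 if clean, -2 if the string could not be decoded. */
long first_badchar_in_escaped(const char *s) {
    unsigned char buf[4096];
    long n = decode_hex_escapes(s, buf, sizeof buf);
    if (n < 0) return -2;
    return first_badchar(buf, (size_t)n, badchars, sizeof badchars);
}

int main(void) {
    /* Constructed sample, not real machine code: the third byte is a null. */
    const char *sample = "\\x31\\xc0\\x00\\x50\\x0a\\x90";
    printf("first bad char at offset %ld\n", first_badchar_in_escaped(sample));
    return 0;
}
```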

Testing

You can test the shellcode with the following C code.

/* Paste the generated shellcode bytes here. They end up in a writable data
   segment, which modern toolchains do not mark executable, so the call below
   faults unless that segment is made executable (e.g. gcc -z execstack on
   older toolchains) or the bytes are first copied into an executable mapping. */
char code[] = "<shell code will go here!>";  // <--- 
int main(void) {
	int (*func)(void);
	func = (int (*)(void)) code;
	return (*func)();
}
