Stock shell codes reaching use-by date

Powered by SC Magazine
 

Ty Miller sells shell at BlackHat.

The chief technology officer of a Sydney-based penetration testing firm has warned of an increasing obsolescence of stock shell codes used in penetration testing and hacking, calling on infosec professionals to begin writing their own variants.

Pure Hacking's Ty Miller told SC that stock shell codes, such as that used in the popular Metasploit Framework, had become less suitable for penetration attempts, often hitting firewalls and authentication systems.

They were designed to exploit mail and other servers but most targets had since moved to client software.

“These days we’re attacking software like Adobe, trying to break out of it,” Miller told SC. “Your custom shell will do things like tunnel out through DNS, or over FTP, without unintentionally hitting firewalls.”

Custom-built shell codes were of greater value, he said, as they outlived the typical three-month half-life of an individual exploit.

Shell code is a payload of software exploits that operates from a command shell. It gives more capability to an attacker and remains effective longer than exploits alone, which might be patched quickly.

Shell code could be reused in most exploits and remained viable for up to a decade.

Though most infosec professionals were used to running stock shell code, Miller said custom code was far more effective and capable.

Miller has focused in past years on building custom shell code rather than exploits. He had integrated a number of the applications with Metasploit to take advantage of the frameworks’ 600-plus exploits.

He will run a two-day training course on how to build custom shell code and integrate with Metasploit at the BlackHat conference in Las Vegas next week.

It will examine all types of shell code, Miller said, including dynamic shell code, portbind, connectback, egghunt, and command execution.

Copyright © SC Magazine, Australia


Stock shell codes reaching use-by date
 
 
 
Top Stories
Parliament passes law to let ASIO tap entire internet
Greens effort to limit devices fails.
 
Business-focused Windows 10 brings back the Start menu
Microsoft skips 9 for the "greatest enterprise platform ever".
 
Feeling Shellshocked?
Stay up to date with patching for the Bash bug.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  65%
 
Advanced persistent threats
  5%
 
Unpatched or unsupported software vulnerabilities
  11%
 
Denial of service attacks
  6%
 
Insider threats
  12%
TOTAL VOTES: 1395

Vote