Closed jowasp closed 8 years ago
Hi johanna,
users are following this steps because of 2things
1- shellcodes
2-assembly code
if they answer yes
to assembly code, software will ask them if they want shellcode too, but if they don't want asm code, it will generate shellcode automaticly, because if they answer no
to shellcode too, it will return nothing, [there is also a question for file output]
is it better to generate automaticly or ask if user want ? I think must of users want shellcode to use as payload in exploit, and shellcode c output it's just for testing if it's works, and it's better if we don't ask much questions, if it's need to be add , i can add it.
I agree with @Ali-Razmjoo . If the user doesn't want to see the assembly, he must have used the tool to get shellcode, so there is no need for asking.
Because it's a ux thing, maybe we could ask more users about it, @Pratik151 @paraschetal , what's your ideas ?
I also think that shellcode should be output without asking the user, since it will be directly copy pasted by the user into an exploit. For assembly code and .c file we can ask.
Either way is not a big issue , more of a UX thing. I think w can close this one ;-)
thanks Johanna @jowasp for notice about that by the way.
Steps to reproduce: Choose zsc>shellcode>generate>osx_x86>system>command_to_execute Set command to 'clear' choose none as encoder type
Issue: forgets to ask 'output shellcode too?(y or n) Instead the shellcode is generate at once without requesting