what is "DOPU shellcode buffer"

x0rz / EQGRP_Lost_in_Translation

Decrypted content of odd.tar.xz.gpg, swift.tar.xz.gpg and windows.tar.xz.gpg

1.87k stars 1.32k forks source link

what is "DOPU shellcode buffer" #6

Open 615 opened 7 years ago

615 commented 7 years ago

how to set up the value of "DOPU shellcode buffer"
use Eternalchampion thumb_mon_1704_14_1150978582736040_bccb62f8b8803a2

Atavic commented 7 years ago

https://github.com/boogaloo1977/EquationGroup/blob/2364f4bf3fb73f1d467fdcc8285742eaad2db86e/windows/payloads/Doublepulsar-1.3.1.0.xml#L71
https://github.com/boogaloo1977/EquationGroup/blob/2364f4bf3fb73f1d467fdcc8285742eaad2db86e/windows/specials/Eternalchampion-2.0.0.0.xml#L25

https://github.com/misterch0c/shadowbroker/issues/20

BennyThink commented 7 years ago

shellcode buffer means you need to use DoublePulsar to generate a shellcode(about 4KiB) and paste its hex content to fb(you could use WinHex to copy its hex), while shellcode file needs that 4KiB file generated by DoublePulsar in which you only need to point out its path. Judging by your bio, I assume you would probably understand Chinese so you could go to my profile page and check it out on my blogsite.