Hello, my hacker friends. Today I’m gonna talk about a multi shellcode generator known as “Venom”.
Yeah, it’s called as venom because some part of its played by a well-known tool of Metasploit “Msfvenom”.
Venom was developed by r00t-3xp10it and concept was by Chaitanya.
This exploiter took about 5 months to be completed but finally, it’s public now.
Venom is a shellcode generator / Compiler which produces undetectable payload for various OS format and of Various types.
It generates the shellcode using Metasploit and other tools.
Watch this tutorial for better understanding on the functioning of venom:
The script will use msfvenom (Metasploit) to generate shellcode in different formats ( c | Python | Ruby | dll | msi | hta-psh ), inject the shellcode generated into one function.
“the Python function will execute the shellcode in ram” and uses compilers like GCC (gnu cross compiler) or mingw32 or pyinstaller to build the executable file, also starts a multi-handler to receive the remote connection.
‘shellcode generator’ tool reproduces some of the technics used by Veil-Evasion framework, unicorn.py, powersploit, etc.
1.Open terminal and type “git clone https://github.com/r00t-3xp10it/venom.git”
2.Change your directory to venom folder and find the executable .sh file
3.Change the permission by “chmod +x venom.sh”
4.Run the script by “./venom.sh”
1.After running the script, it will provide you with available attack form/vectors/OS, select your appropriate one.
2.Next, it will prompt for your IP address, enter your ip by seeing from “ipconfig”
3.Type in a port number when asked for to set up your listener
4.It will now list available payload for that vector, select accordingly.
5.Enter the output file name.
6.Now it will display the path to the payload and will ask how to deliver the payload, choose multi-handler. Click OK
7.Social engineer, the victim to execute your payload, then you will get a meterpreter session on your terminal.
After successful attack, you will get a meterpreter shell on your desktop from the target
Note: Never submit the output file to any cloud-based antivirus. and to know how to play pranks with windows read the following article on How To Create Exploits For Hacking Using FatRat. If you liked this article then kindly share with your hacker friends to know about this tool and if you have any query or problem with the topic kindly let me know in the comments below and I will try to solve it. Thank you.
Hack It Have it.