Another shellcode?

Open anasorova opened this issue 5 years ago • 1 comments

I changed the test.raw shellcode to a different one and I'm getting the same detects as with original. I noticed that, if I comment out the line memcpy(addressPointer ... ) with "unencrypted" bytes there are no detects. Do you have any ideas why it can happen with my shellcode, but not with meterpreter (as in your code)?

Nov 21 '20 13:11 anasorova

if you're commenting the memcpy call, you will not be going to run the shellcode as the shellcode hasn't been written in the correct allocation place yet.

Dec 15 '21 15:12 GetRektBoy724