Comments (3)
Just as a side-note, my statement in first post might be misguiding when I say that "msfvenom is a shellcode generator".
msfvenom also have some other functionalities like generating payload files for web applications in general (php, war, asp, etc.) that are not shellcode-and-process injection related and have some similarities with shellpop main functionality, which is: "getting shells through code execution".
Their main difference is that shellpop focus on dynamic one-liner commands to get shell, while msfvenom in most situations like this generates you a file, which in some situations could be cumbersome (too big) or troublesome (no way to upload files, just execute commands).
Command execution is a primitive condition in order to get a remote shell before uploading files. It is probable that sometimes you will achieve command execution but file upload is not viable or even possible.
from shellpop.
Well, they are totally different tools.
For msfvenom, it is a SHELLCODE generator, which you could use in binary exploitation exploits. There is also the possibility to create staged and stageless payloads to a file which in turn execute this SHELLCODE using many techniques and a lot of formats, depending on the operational system. In windows, for example, to execute a meterpreter RAT, msfvenom creates a binary file in PE format which uses Reflective DLL Loader to inject this above mentioned shellcode into a remote process.
Shellpop, on other hand, is a Reverse Shell Generator with many capabilities like obfuscation and reaches a lot of exoteric protocols for reverse shells (like UDP), but don't go anything beyond that.
So, another practical difference from both tools would be the scenario below:
You have a RCE vulnerability in a web application, you could:
- Use msfvenom to create a file, serve it using HTTP server, use ANOTHER TOOL like wget or curl to download and execute it (IF you have write permissions)
OR
- Use shellpop to directly execute code through RCE vulnerability and pop shells.
You can note that MSFVENOM relies on the premise of another tool to download it's code and execute, while Shellpop, as a reverse shell generator, does not. It can be executed directly through the vulnerable vector and directly "from memory";
If you still need something to be cleared up, please, ask away.
If not, tell me that I can close this issue!
from shellpop.
Ooh, a perfect explanation!
Thanks a lot.
I'll close the issue, then. Thanks!
from shellpop.
Related Issues (16)
- ModuleNotFoundError: No module named 'bind' HOT 2
- refer lang or other rememberable name instead of number HOT 12
- Powershell Suggestion HOT 1
- Doubts HOT 2
- Hide cmd windows on remote target HOT 4
- Bind TCP Ruby shell is broken HOT 3
- python3: TabError: inconsistent use of tabs and spaces in indentation HOT 1
- Design Issue: setup.py should be optional
- NameError: global name 'sys' is not defined
- Powershell reverse shell fails on Windows 7 / Windows 10 HOT 2
- Arguments --powershell-x64 and --powershell-x86 seem to be mixed up HOT 1
- Extra shell commands
- No module named pyperclip (venv install)
- No module named 'encoders' HOT 2
- Requirements.txt should include netifaces HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from shellpop.