The Grayscale Assembly DB is a one-of-a-kind online searchable database of all Intel instructions, searchable by opcode, name, and various other parameters. This tool was built 100% from scratch to assist in building the Grayscale disassembly engine, but it proved so useful that it was developed fully into its own tool.
Due to popular request, here is the MySQL .sql file used for the opcode database. It can be used to create your own Intel x86 disassembler without too much hubbub. The Grayscale Research proprietary x86 disassembler/decoder was written using a script which generated a B-tree representation of this database. This file was entered by hand directly from the Intel Software Developer's Manuals, volumes 2 and 3, and took the near collapse of Jason's carpal tunnels to do. So yeah, appreciate it.
A Linux (or other *nix) ptrace-based memory searching utility that supports per-process searching for user-supplied memory patterns. It also has built-in features for loading binaries, pausing them, and searching. This tool is useful for finding static jmp/call combinations in running processes.
-j automatically searches for jmp/call/ret instructions, which simplifies exploitation on a Linux ASLR platform.
-p dumps a process's maps to stdout.
-f loads a process from a /bin/path and then provides an interactive map selection.
This tool is a complement to the Grayscale PHP CB shell, but written for ASP.NET servers. It utilizes the built-in socket functionality of VB in order to establish an outbound shell connection from the server. This has the advantage of not causing an alert through the Windows built-in firewall. It was tested on IIS 6.0 and Apache Tomcat with mod_aspdotnet.
This encoder was written to be used during penetration testing and software auditing to provide a wealth of string encoders from the command line. The binary itself is very small and depends solely on libc. It compiles fine on both Windows and Linux.
./convert -mx ConvertStrToMySQL_0x
./convert -mc ConvertStrToMySQL_CHAR()
./convert -sc ConvertStrToMSQL_CHAR()
./convert -c ConvertStrToCEscape
Web Attack Usage:
./convert -x ConvertStrToXSS
./convert -u8 ConvertStrToUTF8
This tool was developed as part of our PT301 Advanced Penetration Testing course to assist with the generation of ret2eax "Smack the Stack" styled overflows. Given the proper parameters, it will generate a string that partially automates the generation of ret2eax overflows on the Linux 2.6 ASLR platform.
This tool aims to partially automate the process of generating the buffers used in the ret2esp style overflow attack documented by Izik Kotler in the paper "Smack the Stack". It was developed for the Advanced Penetration Testing 301 class; check the Training section for enrollment details.
This simple tool was built to demonstrate the opcode formatting of Intel x86 indirect jmp/call instructions by providing a runtime-generated table of the opcodes. It is useful simply as a reference when performing application modifications or exploit generation on any x86 platform.
This tool is an alternative to generating strings in the old perl -e 'print "a"x100' style. It lets you generate a string on the command line from a supplied hex string, which can then be easily piped out to a file.