simple plugin to detect shellcode on Bro IDS with Unicorn
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
bro
exploit_code
slide_report
vulnserver
README.md

README.md

#BroIDS_Unicorn

simple plugin to detect shellcode on Bro IDS with Unicorn

install bro and addon broccoli-python:

https://www.bro.org https://github.com/bro/broccoli-python

install unicorm-engine:

https://github.com/unicorn-engine/unicorn

##Vuln server:

new terminal run bro:

bro -i eth0 bro/detector.bro

new terminal run unicorn:

python bro/checkshell.py

run vuln service:

cd vulnserver

./socat.sh vuln

##client

change ip -> vuln server

run exploit

python exploit_code/pwn.py

##Video demo

https://youtu.be/0nd1XJ9I4pQ