Re: connect-back win32 shellcode

From: Mhal (mathias.hallosserie@wanadoo.fr)
Date: 04/12/03

    From: "Mhal" <mathias.hallosserie@wanadoo.fr>
    To: "wirepair" <wirepair@roguemail.net>, <pen-test@securityfocus.com>
    Date: Sat, 12 Apr 2003 14:04:16 +0200
    
    

    You could take a look at the MSDN papers about the PE file format and the DBGhelp lib.
    It's a good beginning, I guess.

    Regards...
    Mhal

    ----- Original Message -----
    From: "wirepair" <wirepair@roguemail.net>
    To: <pen-test@securityfocus.com>
    Cc: <vuln-dev@securityfocus.com>
    Sent: Wednesday, April 09, 2003 7:10 PM
    Subject: connect-back win32 shellcode

    > lo all,
    > So I've decided to take the dive into writing windows
    > based (memory) exploits *shudders*, I'm having some
    > serious complications regarding shellcode and well, how to
    > go about writing it. Is there some solid documentation on
    > the function of LoadLibraryA/GetProcAddress
    > handlers/functions? Also if anyone has a good disassembly
    > of any of the connected back shellcodes (Dark
    > Spyrit:null.printer/David Litchfield's:sql hello) I would
    > appreciate getting my hands on them. Most of the NT
    > Overflow papers I see are based on old versions of windows
    > (nt4) or the examples are completely outdated. It seems
    > that most of these papers do not give a good explanation
    > of the importance of the LoadLibraryA/GetProcAddress
    > calls. Maybe I am missing something, probably am... This
    > is not as easy as unix land and for someone who codes only
    > in *nix environments, I'm finding Windows APIs, well,
    > terrifying.
    > Thanks for any information,
    > -wire


