Re: Windows reverse Shell

From: Ali Saifullah Khan (whipaz@gem.net.pk)
Date: 02/04/03

    Date: 4 Feb 2003 15:07:48 -0000
    From: Ali Saifullah Khan <whipaz@gem.net.pk>
    To: vuln-dev@securityfocus.com
    
    
    In-Reply-To: <1028124981.20030204013745@hotmail.kg>

    >Hello guys,
    >
    >David Litchfield in his Blackhat talk, talked about using the socket handle
    >from WSASocket() and passing that handle as a parameter to stdin, stdout
    >and stderr for the CreateProcess function. By doing it this way his reverse
    >cmd shellcode becomes much smaller. I tried coding that reverse
    >command shell in C, but couldn't get it to work. It simply connects to
    >my listening netcat listener and then disconnects. David Litchfield
    >used 4 functions to achieve that: WSASocket, bind, connect and
    >CreateProcess. A little help would be appreciated on building this reverse
    >cmd shell. Thanks.
    >
    >
    >--
    >Best regards,
    > A*** mailto:netninja@hotmail.kg
    >
    >
    Firstly, please elaborate on what you mean by "connecting and disconnecting
    immediately" ... are you implying that it gets a FIN immediately, or
    are you watching netcat's non-verbose output on the cmdline :-)

    Secondly, if I am correct, and WSASocket() gets you your socket handle,
    then it is apparent that WSASocket() is failing. You should check your
    initialization of Winsock in the code (include some error-checking code to
    see if it's being started properly or not and paste the output in your
    reply).

