Help With Exploit Code

This is a discussion on Help With Exploit Code within the C Programming forums, part of the General Programming Boards category; <<ANGRY MOD EDIT>> I am aware that my shellcode will not work, however that isn't my problem (at the current ...

  1. #1
    Registered User
    Join Date
    Jun 2005
    Posts
    18

    Help With Exploit Code

    <<ANGRY MOD EDIT>>

    I am aware that my shellcode will not work, however that isn't my problem (at the current moment.)

    Why isn't system even running file.exe? I have spent ages on this, and yes the file is in the right place.

  2. #2
    Super Moderator VirtualAce's Avatar
    Join Date
    Aug 2001
    Posts
    9,596
    What is that crap?

    If you are attempting to do assembly with all those hex values, there is a better way. Just inline it. This is not BASIC where you have to put the assembly opcodes into a text string and then do a CALL ABSOLUTE to it or use VARPTR.

  3. #3
    Registered User
    Join Date
    Jun 2005
    Posts
    18
    You might want to research shellcode (maybe on wikipedia)

    Because that's how it's done. As I said, I wasn't asking for help with that. I just need my file executed.

  4. #4
    Disrupting the universe Mad_guy's Avatar
    Join Date
    Jun 2005
    Posts
    258
    Since you're on Windows, try this instead:

    SHELLEXECUTEINFO info = { 0 };

    info.cbSize = sizeof(info);
    info.lpVerb = "open";
    info.lpFile = "c:\\file.exe";
    info.lpParameters = hellcode;
    info.nShow = SW_SHOW;

    ShellExecuteEx(&info);

    Also, you can optimize your shellcode development by using naked functions and inline assembly, the only catch is that it changes the harness a little bit so at the end of the ASM you need to put something that generates a null, then you can just strlen your exploit like so (MSVC++):

    Code:
    __declspec(naked) void hellcode(void) {
       __asm {
         //all your asm are belong to here
         _emit 00
      }
    }
    
    //...
    
    send(s,hellcode,strlen(hellcode),0);
    Of course, the only catch is that it may be tough/tiring to concatenate things like raw bytes to it, but you can just end the __asm block and start a new one if that kind of need arises. This is kind of a tangent but I figure it's something worth mentioning since we're on the subject.
    operating systems: mac os 10.6, debian 5.0, windows 7
    editor: back to emacs because it's more awesomer!!
    version control: git

    website: http://0xff.ath.cx/~as/

  5. #5
    Super Moderator VirtualAce's Avatar
    Join Date
    Aug 2001
    Posts
    9,596
    Because that's how it's done.
    I highly doubt it.

    From the looks of it, file.exe will take the parameters and emit them as is into the code stream and/or stick them somewhere in memory and perform a jump to that address.

    Either way I don't like the code or it's intent.

  6. #6
    and the hat of wrongness Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    32,663
    Read the forum rules!!!
    We don't tolerate that kind of crap here.
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.
    I support http://www.ukip.org/ as the first necessary step to a free Europe.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Enforcing Machine Code Restrictions?
    By SMurf in forum Tech Board
    Replies: 21
    Last Post: 03-30-2009, 07:34 AM
  2. Values changing without reason?
    By subtled in forum C Programming
    Replies: 2
    Last Post: 04-19-2007, 10:20 AM
  3. Obfuscated Code Contest
    By Stack Overflow in forum Contests Board
    Replies: 51
    Last Post: 01-21-2005, 03:17 PM
  4. Interface Question
    By smog890 in forum C Programming
    Replies: 11
    Last Post: 06-03-2002, 05:06 PM
  5. Replies: 0
    Last Post: 02-21-2002, 05:05 PM

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21