Security Forums
Windows Metasploit Shellcode - Baffling Problem (to me)

Author: akiki (Just Arrived)
Joined: 02 Sep 2009

Posted: Wed Sep 02, 2009 10:37 pm

Greetings,

I am fascinated with the use of shellcode to exploit security holes in programs (Windows, especially, because that is my workstation). I have been immersed in the book Gray Hat Hacking: The Ethical Hacker's Handbook; it is excellent for beginners to the art such as myself.

However, I have encountered some Windows shellcode problems and have utterly failed in solving them. And so, on to the dilemma.

Windows shellcode is far too advanced for me to write at the moment. To understand some Windows security vulnerabilities I have been using the shellcode generated by Metasploit's payload engine. It was here that the problems began.

I was using a Win32 "Execute an Arbitrary Command" payload to try to start a process (for space, assume "calc.exe") by exploiting the hole. However, the payload failed to function properly. After examining the stack in a debugger during the exploit, I realized the program name "calc.exe" was being overwritten while the shellcode was executing. The program terminated with a "File Not Found" exception; the "name" was now just memory garbage.

After poking around with this problem for a while, I switched out the Arbitrary Command payload for a Bind Shell payload. Unfortunately, this payload also had problems.

I am worried that I am doing something fundamentally wrong, something that someone just has to hit me over the head with. Is there a certain amount of NOP padding I should put before and after the shellcode? Am I perhaps not using the correct payload for my platform? Perhaps I am not exploiting the hole correctly (it was a simple buffer overflow, by the way)?

Ah, a very important piece: when I simply take the shellcode and execute it as an ordinary function in a C program, it works without a hitch.

Any help would be awesome and very appreciated. Thank you!

Cheers,

akaki
All times are GMT + 2 Hours