Thread: exploitation need help

  1. #1
    Senior Member
    Join Date
    Oct 2004
    Posts
    122

    exploitation need help

    Recently I have been studying exploitation, making shellcodes and writing exploits to use them.
    What I found out is that it is actually easier to write exploits for Linux but not so for Windows.
    I have been spending a lot of time on how to write exploits but I am not succeeding, I dunno why...

    Tried all the nice tuts on the net for Windows exploits but can't find one... not for Windows
    http://phrack.org/show.php?p=55&a=15
    http://jikos.jikos.cz/remotesploits.html
    http://www.cosc.brocku.ca/~cspress/H..._class.html#18
    http://www.donews.net/zwell/articles/159199.aspx

    The last link is about what the difference is between Windows and Linux exploits...
    and also a Phrack article about advanced Windows shellcodes...

    http://phrack.org/show.php?p=62&a=7

    I don't really understand the structure of Windows shellcodes and offsets, or the use of offset. I have written a simple server program and am trying to crash it by sending a buffer of length more than 2020 (in fact it is one of the series of server programs that I wrote in the last ten days).
    What u basically need to do is to overwrite EIP to point to ur shellcode...
    The buffer sent by me is stored in the ecx register...
    So I have to find a location in loaded DLLs where a call like call ecx is there...
    I found one call in GDI32.dll
    Now I send a buffer starting with nops, then shellcode, then at buffer[2019] I store the address of call ecx in order to execute the shellcode (as it is pushed in ecx).

    I don't know what's wrong but the shellcode is not executing. I was just wondering what offsets are (as used in webdav exploits) and how the return address should be placed in the buffer...

    I will appreciate any help or links... as I really need that. I googled a lot but don't think I got enough material there...
    nobody is perfect i am nobody

  2. #2
    Senior Member
    Join Date
    Jul 2003
    Posts
    813
    Can't go into much more detail right now but you should consider using SoftICE and W32DASM until you get the hang of it all. Those programs would give you a chance to look exactly at what's happening 'behind the scenes'.

    Much like gdb.
    /\\

  3. #3
    Senior Member
    Join Date
    Oct 2004
    Posts
    122
    I did that. I used SoftICE, used the listdll utility, and got one address location of call ecx where the shellcode is pushed, but my exploit is not running. I am sure my shellcode is correct. I don't understand the use of offset. I searched on Google but didn't find much info about that.
    nobody is perfect i am nobody
