November 29th, 2004, 07:50 AM
#1
Senior Member
exploitation need help
Recently I have been studying exploitation, making shellcodes and writing exploits that use them.
What I found out is that it is actually easier to write exploits for Linux, but not so for Windows.
I have been spending a lot of time on how to write exploits, but I am not succeeding and I don't know why.
I tried all the nice tutorials on the net for writing exploits, but I can't find one for Windows.
http://phrack.org/show.php?p=55&a=15
http://jikos.jikos.cz/remotesploits.html
http://www.cosc.brocku.ca/~cspress/H..._class.html#18
http://www.donews.net/zwell/articles/159199.aspx
The last link is about the difference between Windows and Linux exploits,
and there is also the Phrack article about advanced Windows shellcodes:
http://phrack.org/show.php?p=62&a=7
I don't really understand the structure of Windows shellcodes, or offsets and the use of offsets. I have written a simple server program and am trying to crash it by sending a buffer longer than 2020 bytes (in fact it is one of a series of server programs that I wrote in the last ten days).
What you basically need to do is overwrite EIP to point to your shellcode.
The buffer sent by me is stored in the ECX register,
so I have to find a location in the loaded DLLs where a call like `call ecx` is present.
I found one such call in GDI32.dll.
Now I send a buffer starting with NOPs, then the shellcode, and at buffer[2019] I store the address of the `call ecx` in order to execute the shellcode (as it is pushed in ECX).
I don't know what's wrong, but the shellcode is not executing. I was just wondering what offsets are (as used in the WebDAV exploits) and how the return address should be placed in the buffer.
I will appreciate any help or links, as I really need that. I googled a lot but don't think I got enough material there.
November 30th, 2004, 11:21 PM
#2
Can't go into much more detail right now but you should consider using SoftICE and W32DASM until you get the hang of it all. Those programs would give you a chance to look exactly at what's happening 'behind the scenes'.
Much like gdb.
December 1st, 2004, 06:29 AM
#3
Senior Member
I did that. I used SoftICE and the listdlls utility and got one address location of a `call ecx` where the shellcode is pushed, but my exploit is not running. I am sure my shellcode is correct. I don't understand the use of offsets; I searched on Google but didn't find much info about that.