Forums: Different Aproach - Forums

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Different Aproach in exploit coding

#1 User is offline   extreme 

  • Specialist
  • Icon
  • Group: Specialist
  • Posts: 582
  • Joined: 02-September 03

Posted 13 January 2004 - 07:23 AM

I just thought an idea and maybe it is irelevant but here it goes..
As I manage to understand, main problem of getting shell in buffer overflows is because shell is too big to fit the buffer.
So, why not coding something else then shell?? FOr example, I read somewhere that RPC patch only changes one registry value from "1" to "0"... Maybe there is more, maybe not.. but just tounderstand my idea, what if one would make a application that just changes back this registry value from 0 to 1? Then you would enable RPC on victim's comp, and get shell easy then..
I think that this application should be much smaller then shell code... Basicly, point of this is to make some application that will unpatch mashine against some old exploit...
WUTranslink
0

#2 User is offline   Faceless Master 

  • Staff Sergeant
  • Icon
  • Group: Members
  • Posts: 259
  • Joined: 06-January 04

Posted 13 January 2004 - 08:25 AM

Nice..
One thing.Can we change registry values remotely?
Regards
~Faceless Master
0

#3 Guest_ara2_*

  • Group: Guests

Posted 13 January 2004 - 08:39 AM

i think its possible, however just the size of the string pointing to the registry value you want to change would probably make the code even bigger than today's shellcodes
0

#4 Guest_SKyLiNe_*

  • Group: Guests

Posted 15 January 2004 - 05:49 AM

For to be able to connect to a remote machines registry one
would need to obtain the proper credentials to connect to it,
in other words you would need the administrator password.
You could try and write shellcode that changes registry settings remotely
if you are exploiting something that will give you System or Admin
priviledges. If im understanding your theory correctly your plan is to
write regkey changing shellcode to enable dcom service which you
can then exploit? This wouldnt be of much use either i guess, you would
still face the problem of buffer sizes and shellcode size.
0

#5 User is offline   Chris 

  • Specialist
  • Icon
  • Group: Specialist
  • Posts: 1,202
  • Joined: 31-August 03

Post icon  Posted 16 January 2004 - 11:48 AM

echo it to a reg file and then tell the batch to run it, hell why not tie it in with a nice internet explorer exploit. They visit a webpage get infected (they wont know, put a fake 404 up :D) and you can use a script to get there ip number. Sorted
0
Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users

  • Share



Our Sponsors:


SwiftLayer Affiliate Web Hosting