LoadLibAddr0.1 / examples

Name                  Modified     Size
Makefile              2011-11-01   376 Bytes
test_beginthread.c    2011-11-01   581 Bytes
test_createProcess.c  2011-11-01   1.0 kB
redirectShellIO.c     2011-11-01   6.0 kB
redirectShellIO.exe   2011-11-01   33.1 kB
testCreateFile.c      2011-11-01   635 Bytes
r.exe                 2011-11-01   33.1 kB
Totals: 7 items, 74.8 kB
/* Created on: 2 de Nov de 2011 at 16:44:44
 * Author: andrec
 * Email : fc26887@alunos.fc.ul.pt
 *
 */

Hello.

This project started out as a win32 exploit development project, based on:

Understanding Windows Shellcode by Skape (mmiller@hick.org, www.nologin.org).
references/win32-shellcode.pdf

It presents several misconceptions and bugs that are present on the i386 architecture. I know this
because what I've done shows that some things are impossible unless something is terribly wrong :).

It presents some proof-of-concept real-time situations. The main thing
to be read is in directory steps/listOfSteps.html. I suggest you take a look
at the source. The images directory presents things that are best viewed and are hard to comment on.
The asm directory presents the original asm exploit files, and a hash file that has a function
to hash strings into 4-byte arrays. Check the method in:

Win32 Assembly Components
by The Last Stage of Delirium Research Group
http://lsd-pl.net
Version: 1.0.1
Updated: December 12th, 2002
Copyright (c) 2002 The Last Stage of Delirium Research Group, Poland
references/winasm-1.0.1.pdf

The examples directory presents some files I wrote to help me in this project.
For instance redirectShellIO.c was an attempt to create a shell whose stdin, stdout and stderr
were all logged to a file. Obviously that didn't work.

The exe directory has files compiled from the examples that are interesting.

The hashDB directory has MD5 and SHA1 hashes of those exe files. The db is in XML. The tool I used
was fciv from Microsoft.

The log directory has files that are output of commands (instead of putting them directly
in listOfSteps.html, I put a link to them in listOfSteps.html).

The Makefiles directory has old makefiles.

The source directory has, for now, the first .c file used in this project. Actually
it was named connectBackShellCode.c but now it's named LoadLibAddr.c.

The steps directory is the fundamental directory of the project. It contains all the
steps I made to achieve certain things. The listOfStepsNetwork has steps that are related to
network things.

The webdav exploit project is an attempt to write an exploit for webdav, but
currently it only checks to see if webdav is enabled on the server. Though I can't compile it.

On root directory there's:

eclipseConfig.txt

My text editor and IDE for the moment.

*.bat
Some batch files to run gdb (one of them uses gdb.commands to run commands, although it doesn't work;
it hangs gdb).

...
That's it.

Later,

andrec


My OS version is in: images/windowsVersion.jpg

My compiler is gcc:
C:\>gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=c:/mingw/bin/../libexec/gcc/mingw32/4.5.0/lto-wrapper.exe
Target: mingw32
Configured with: ../gcc-4.5.0/configure --enable-languages=c,c++,ada,fortran,objc,obj-c++ --disable-sjlj-exceptions --with-dwarf2 --enable-shared --enable-libgomp --disable-win32-registry --enable-libstdcxx-debug --enable-version-specific-runtime-libs --disable-werror --build=mingw32 --prefix=/mingw
Thread model: win32
gcc version 4.5.0 (GCC)

I have two debuggers. One is gdb:
C:\>gdb -v
GNU gdb (GDB) 7.2
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "mingw32".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.

The other is OllyDbg v1.10:
http://top-themen.t-online.de/

My ls version is:

C:\>ls -la --version
ls (GNU coreutils) 5.97
Copyright (C) 2006 Free Software Foundation, Inc.
This is free software.  You may redistribute copies of it under the terms of
the GNU General Public License <http://www.gnu.org/licenses/gpl.html>.
There is NO WARRANTY, to the extent permitted by law.

Written by Richard Stallman and David MacKenzie.

My nm version is:
C:\>nm --version
GNU nm (GNU Binutils) 2.20.51.20100613
Copyright 2010 Free Software Foundation, Inc.
This program is free software; you may redistribute it under the terms of
the GNU General Public License version 3 or (at your option) any later version.
This program has absolutely no warranty.

My objdump version is:
C:\>objdump --version
GNU objdump (GNU Binutils) 2.20.51.20100613
Copyright 2010 Free Software Foundation, Inc.
This program is free software; you may redistribute it under the terms of
the GNU General Public License version 3 or (at your option) any later version.
This program has absolutely no warranty.

My file version is:
C:\>file --version
file-5.04
magic file from /etc/magic:/usr/share/misc/magic

THANKS TO:
blackthorne (for suggestions and ideas)
and all the other dudes for testing the stuff.
Source: readme, updated 2011-11-02