/* Created on: 2 Nov 2011 at 16:44:44
 * Author: andrec
 * Email : fc26887@alunos.fc.ul.pt
 */

Hello.

This project started out as a win32 exploit development project, based on:

    Understanding Windows Shellcode by Skape (mmiller@hick.org, www.nologin.org)
    references/win32-shellcode.pdf

It presents several misconceptions and bugs that are present on the i386 architecture. I know this because what I've done shows that some things are impossible unless something is terribly wrong :). It presents some proof-of-concept real-time situations.

The main thing to be read is in the directory steps/listOfSteps.html. I suggest you take a look at the source.

The images directory presents things that are best viewed and are hard to comment on.

The asm directory presents the original asm exploit files, and a hash file that has a function to hash strings into 4-byte arrays. Check the method in:

    Win32 Assembly Components by The Last Stage of Delirium Research Group
    http://lsd-pl.net
    Version: 1.0.1, Updated: December 12th, 2002
    Copyright (c) 2002 The Last Stage of Delirium Research Group, Poland
    references/winasm-1.0.1.pdf

The examples directory presents some files I wrote to help me in this project. For instance, redirectShellIO.c was an attempt to create a shell whose stdin, stdout and stderr were all logged to a file. Obviously that didn't work.

The exe directory has files compiled from examples that are interesting. The hashDB directory has md5 and sha1 hashes of those exe files. The db is in xml. The tool I used was fciv from Microsoft.

The log directory has files that are the output of commands (instead of putting them directly into listOfSteps.html, I put a link to them in listOfSteps.html).

The Makefiles directory has old makefiles.

The source directory has, for now, the first .c file used in this project. Originally it was named connectBackShellCode.c, but now it's named LoadLibAddr.c.

The steps directory is the fundamental directory of the project. It contains all the steps I made to achieve certain things. listOfStepsNetwork has the steps that are related to network things.

The webdav exploit project is an attempt to write an exploit for webdav, but currently it only checks to see if webdav is enabled on the server. Though I can't compile it.

On the root directory there's:

    eclipseConfig.txt   My text editor and IDE for the moment.
    *.bat               Some batch files to run gdb (one of them uses gdb.commands
                        to run commands, although it doesn't work: it hangs gdb).

... That's it.

Later,
andrec

My OS version is in: images/windowsVersion.jpg

My compiler is gcc:

    C:\>gcc -v
    Using built-in specs.
    COLLECT_GCC=gcc
    COLLECT_LTO_WRAPPER=c:/mingw/bin/../libexec/gcc/mingw32/4.5.0/lto-wrapper.exe
    Target: mingw32
    Configured with: ../gcc-4.5.0/configure --enable-languages=c,c++,ada,fortran,objc,obj-c++ --disable-sjlj-exceptions --with-dwarf2 --enable-shared --enable-libgomp --disable-win32-registry --enable-libstdcxx-debug --enable-version-specific-runtime-libs --disable-werror --build=mingw32 --prefix=/mingw
    Thread model: win32
    gcc version 4.5.0 (GCC)

I have two debuggers. One is gdb:

    C:\>gdb -v
    GNU gdb (GDB) 7.2
    Copyright (C) 2010 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
    and "show warranty" for details.
    This GDB was configured as "mingw32".
    For bug reporting instructions, please see:
    <http://www.gnu.org/software/gdb/bugs/>.

The other is OllyDbg v1.10: http://top-themen.t-online.de/

My ls version is:

    C:\>ls -la --version
    ls (GNU coreutils) 5.97
    Copyright (C) 2006 Free Software Foundation, Inc.
    This is free software.  You may redistribute copies of it under the terms of
    the GNU General Public License <http://www.gnu.org/licenses/gpl.html>.
    There is NO WARRANTY, to the extent permitted by law.

    Written by Richard Stallman and David MacKenzie.

My nm version is:

    C:\>nm --version
    GNU nm (GNU Binutils) 2.20.51.20100613
    Copyright 2010 Free Software Foundation, Inc.
    This program is free software; you may redistribute it under the terms of
    the GNU General Public License version 3 or (at your option) any later version.
    This program has absolutely no warranty.

My objdump version is:

    C:\>objdump --version
    GNU objdump (GNU Binutils) 2.20.51.20100613
    Copyright 2010 Free Software Foundation, Inc.
    This program is free software; you may redistribute it under the terms of
    the GNU General Public License version 3 or (at your option) any later version.
    This program has absolutely no warranty.

My file version is:

    C:\>file --version
    file-5.04
    magic file from /etc/magic:/usr/share/misc/magic

THANKS TO: blackthorne (for suggestions and ideas) and all the other dudes for testing the stuff.
getLoadLibAddr Files