Manually embedding shellcode into executables

[mmcgrew1 at mail.csuchico.edu (Michael McGrew)]

In the below issue of Hackin9 magazine they go over how to insert asm code
into a binary while keeping it's functionality fully in tact.
It specifically goes over how to insert a portion of code into putty.exe
that will send the username and password of a ssh login attempt from a
victim back to the attacker via HTTP GET prams. It's a great read. If you
cannot find the article or magazine anywhere I would be willing to scan the
article for you.

http://hakin9.org/magazine/580-no-backdoor-try-opening-the-windows
<http://hakin9.org/magazine/580-no-backdoor-try-opening-the-windows>"Rogue
Binaries ? How to Own Software"

On Tue, Dec 1, 2009 at 8:13 AM, Matthew Raspberry
<matt.raspberry at gmail.com>wrote:

> Hey all,
>
> I was listening to Pauldotcom episode 176 when Relic was talking about
> manually embedding payloads into executables and I was wondering if someone
> could point me to a book or website with more information on doing that? I
> realize Metasploit has automated the process, I would just like to know how
> it is done. I just recently got into IT Security, coming from a Sys Admin
> job previously, and don't know too much about the more advanced topics. Any
> help on this is appreciated.
>
> --
> Matt Raspberry
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20100105/fb87ea1a/attachment.htm