Vulnerability Development mailing list archives
Windows Shellcode - Using Detached_Process flag
From: "helmut schmidt" <helmutsch69 () hotmail com>
Date: Sun, 09 Mar 2003 13:08:40 +0000
Hello,

I have been testing how to make a remote command shell on Windows. I have taken David Litchfield's SQL exploit code as a basis, i.e. it does a TCP connect back to my attack machine and passes the socket as the stdin/stdout/stderr handles to CreateProcess.
This works OK. But when I close the program that I overflowed on the vulnerable machine, my remote shell is also closed.
To get around this, I have tried setting the DETACHED_PROCESS flag as the CreationFlags parameter passed to CreateProcess.
With this flag set, I can close the program on the vulnerable machine without closing my remote shell. Success... BUT
Some commands like DIR work OK, but most others create a window on the vulnerable machine instead of displaying back to my remote shell. For instance, if I ping another machine, a visible window opens on the vulnerable machine - I see the ping results in this window, then the window closes. So this is only half working.
Does anyone know why this odd behaviour is happening? How can I program this to be 100% successful? A bit of C code would be helpful if anyone would be kind enough to share it.
Thanks,
Helm
Current thread:
- Windows Shellcode - Using Detached_Process flag helmut schmidt (Mar 09)
- Re: Windows Shellcode - Using Detached_Process flag Valdis . Kletnieks (Mar 10)