security - Running windows shell commands NASM X86 Assembly language -

-

i writing simple assembly program execute windows commands. attach current working code below. code works if hard code base address of winexec function kernel32.dll, used program called arwin locate address. reboot breaks because of windows memory protection address space layout randomization (aslr)

what looking find way execute windows shell commands without having hard code memory address code change @ next reboot. have found similar code around nothing either understand or fits purpose. know can written in c using assembler keep size small possible.

thanks advice/help.

;just runs simple netstat command. ;compile nasm -f bin cmd.asm -o cmd.bin  [bits 32]  global _start  section .text  _start: jmp short command           function:                 ;label  ;winexec("command execute",null) pop     ecx xor     eax,eax push    eax push    ecx mov     eax,0x77e6e5fd  ;address found arwin winexec in kernel32.dll call    eax  xor eax,eax push    eax mov eax,0x7c81cafa call    eax  command:                  ;label call function db "cmd.exe /c netstat /naob" db 0x00

just update found way referencing windows api hashes perform action want in stack. negates need hard code memory addresses , allows write dynamic shellcode.

there defenses against still work against myriad of un-patched , out of date machines still around.

the following 2 sites useful in finding needed:

http://blog.harmonysecurity.com/2009_08_01_archive.html

https://www.scriptjunkie.us/2010/03/shellcode-api-hashes/


Comments

Post a Comment

Popular posts from this blog

Ansible - ERROR! the field 'hosts' is required but was not set -

-
i've error when launch playbook don't found why.... error! field 'hosts' required not set there main.yml : --- - hosts: hosts - vars: - elasticsearch_java_home: /usr/lib/jmv/jre-1.7.0 - elasticsearch_http_port: 8443 - tasks: - include: tasks/main.yml - handlers: - include: handlers/main.yml and /etc/ansible/hosts : [hosts] 10.23.108.182 10.23.108.183 10.23.108.184 10.23.108.185 when test ping, : [root@poste08-08-00 elasticsearch]# ansible hosts -m ping 10.23.108.183 | success => { "changed": false, "ping": "pong" } 10.23.108.182 | success => { "changed": false, "ping": "pong" } 10.23.108.185 | success => { "changed": false, "ping": "pong" } 10.23.108.184 | success => { "changed": false, "ping": "pong" } please, me :) regards, you have syntax error in playbook.
Read more

customize file_field button ruby on rails -

-
i'm trying rid of ugly button rails has default file upload. want add glyphicon <%= f.file_field :image_url, class:"glyphicon glyphicon-camera" %> this didn't work , have tried other things in different post saw on page, don't attach file. as suggested here bootstrap filestyle , can use bootstrap's filestyle style file upload buttons. step-1: add layout application.html.erb i have added bootstrap filestyle library cdn. should make sure have both jquery , boostrap loaded. <script type="text/javascript" src="https://cdn.jsdelivr.net/bootstrap.filestyle/1.1.0/js/bootstrap-filestyle.min.js"> </script> step-2: add corresponding js file: $(":file").filestyle({input: false}); step-3: image_url file field follows: <%= f.file_field :image_url,class: "filestyle", "data-input" => false %>
Read more

SoapUI on windows 10 - high DPI/4K scaling issue -

-
Image
soapui doesn't seem dpi-aware , displays small on high dpi screen (tiny text , buttons). other applications running fine (screen resolution 3840 x 2160). version : soapui 5.1.2 os : windows 10 i have tried: configure soapui run "disable display scaling on high dpi settings" - parts of soapui looking bigger , don't display (image) changing resolution changing font size (preferences > editor settings > select font...) therefore assume, soapui pretends dpi-aware, not scale itself. have same issue? this workaround until developers round making version dpi-aware. step 1: add registry key hkey_local_machine\software\microsoft\windows\currentversion\sidebyside\preferexternalmanifest (dword) 1 step 2: add manifest file 'soapui-5.2.1.exe.manifest' in same directory 'soapui-5.2.1.exe' content of manifest file: <?xml version="1.0" encoding="utf-8" standalone="yes"?> <assembly xml
Read more