[<prev] [next>] [day] [month] [year] [list]
Message-ID: <120120031421.5117.70c3@comcast.net>
From: amebix at comcast.net (amebix@...cast.net)
Subject: Assembly Code Question
>Just two quick questions about DCOM exploit code (Please excuse my
>ignorance):
>1) Why did each request have to be coded in assembly?
>and
I believe you are referring to the shellcodes at the beginning of the DCOM exploit,
"char shellcode[]"
and so on. Those are the shellcodes needed to open a remote shell once the exploit has overflowed the buffer. I wont get into a long detailed reason why the ASM is nessecary but once the overflow has occured the programs flow of execution is pointed at that those assembely instructions to create your shell or set root privelages or whatever your shellcode happens to do. The reason some of them are different is because the RPC version was different for each operating system the exploit worked on. Some offsets and overflow sizes had to be adjusted.
>2) Was each request hand coded or are there tools that help them to
>construct each request in assembly?
Most tools that say they can write shellcode only at best help in the process. You might want to search www.packetstormsecurity. for docs on how to write your own shellcode.
>Much appreciated!
You can learn alot more about buffer overflows and those shellcode instructions from the web, theres plenty of papers on the subject. 'Smashing the Stack for Fun and Profit' was one of the longer and better ones.
Chris@...secure.net
my email is down :[
Powered by blists - more mailing lists