Hello,

I have been testing how to make a remote command shell on Windows. I have taken David Litchfield's SQL exploit code as a basis, i.e. it does a TCP connect back to my attack machine and passes the socket as the in/out/error handles to CreateProcess. This works OK.

But when I close the program that I overflowed on the vulnerable machine, my remote shell is also closed. To get around this, I have tried setting the DETACHED_PROCESS flag as the CreationFlags parameter passed to CreateProcess. With this flag set, I can close the program on the vulnerable machine without closing my remote shell. Success...

BUT some commands like DIR work OK, but most others create a window on the vulnerable machine instead of displaying back to my remote shell. For instance, if I ping another machine, a visible window opens on the vulnerable machine; I see the ping results in this window, then the window closes. So this is only half working.

Does anyone know why this odd behaviour is happening? How can I program this to be 100% successful? A bit of C code would be helpful if anyone would be kind enough to share it.

Thanks
Helm
This archive was generated by hypermail 2b30 : Sun Mar 09 2003 - 13:39:23 PST