Vulnerability Development mailing list archives
[DeepZone black tool] WinNT/2k portable shellcode generator is on-line!!!
From: |Zan <izan () DEEPZONE ORG>
Date: Thu, 28 Dec 2000 19:35:05 +0100
This post was sent recently to BugTraq. Exploit developers may be interested ;) I am sure it can have some little bug, but the shellcodes are working fine.

regards,
|Zan

hi all,

Recently a lot of Win32 b0fs have arisen. They are exploitable, but it isn't an easy way. The result is that I am not seeing many "Win32 black exploits" in BugTraq. Why?? ... well ... you can lose time, resources and "beautiful dreams" parsing hard streams or in deep debugging.

This e-mail can contain useful stuff for exploit developers or proof-of-concept code exploiters thinking of posting their new WinNT/2k remote exploits to BugTraq ;)

In the Unix world, shellcodes "are more generic", but in the Win32 world (or WinAPI world) you have to hack a new shellcode or change minimal details with any new b0f exploit. Later, "Buggy Application v1.0" can contain hard parsing, but "Buggy Application v2.0" can contain very strong parsing and other API addresses (IT addresses), killing your previous job :(

Porting shellcodes to different languages is another big problem. Jack Barnaby has released his shellcode in asm, I have some exploits in perl ... but I am sure that C is another good choice in the Linux world.

Is there an easy solution? ... well ... it can be ...

If the buggy application contains the "GetProcAddress and LoadLibraryA addresses" linked in its import table, you can run portable code (it isn't new ... viruses, cracks and other "unofficial addons" work this way). If you program your shellcode with some tips you can get dynamic and non-null relocatable code. It isn't anything new.

If your NT/2k local/remote objective isn't firewalled you can bind a shellcode to an arbitrary port (Jack Barnaby technique ;)

Well ... now ... we mix all that stuff + CGI technology and we have a plug&play WinNT/2k shellcode generator connected to the Internet (at this moment, it's on-line).

With this automatic BETA tool you only have to find the correct "return address" and the GetProcAddress and LoadLibrary addresses in the import table. The dirty job is done, and you can try new "hard streams" to bypass those "strong checks" or the zero-byte problem with only the click of a button.

This generator is BETA code and it's only an automatic proof-of-concept tool. At this moment it is generating in three different languages (asm, C and perl) and it supports the null-problem or zero-byte problem (XOR solution).

The generated shellcodes are free and can be included in any exploit or proof-of-concept code to demonstrate vulnerabilities on Wintel NT/2k platforms. You are free to hack the "html interface" with your site's colour and style too, or post us our documentation translated into your own language. It'll be included, giving you credit for your fine translation ;)

I have coded some new exploits tracking the last WinNT/2k b0fs in BugTraq and the shellcodes worked fine.

* spanish version http://www.deepzone.org
* english version (direct link) http://www.deepzone.org/olservices/xploitit/index.htm

I hope to see more Win32 black exploits living in BugTraq now ;)

last notes
----------

Greetings, credits and other stuff are included in the generator. Please, the shellcode is working fine, so if you can't run it or you don't know how to make a new "plug and play exploit" then you should read previous papers about Win32 b0fs and phrack articles. Please, don't flood me with "howto emails" ;)

Any reversing comment, WinNT/2k core stuff, possible addon or ... any interesting black/white hat stuff, please drop me an e-mail freely; you'll get a reply as fast as possible. Any collaboration posted about this "toy" or new documentation will be added to the previous links.

excuse my fantastic english ... but I lost my pocket dictionary ;)

happy new year,
|Zan
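An added illustration, not code from the post or from the DeepZone generator, of the analyst's side of the "XOR solution" to the zero-byte problem mentioned above: a single-byte XOR key has to avoid every byte value present in the payload, and because a portable Win32 payload must still carry the API names it resolves through the import table ("LoadLibraryA", "GetProcAddress"), trying all 255 keys on a captured buffer recovers both the key and those names. The sample buffer is constructed for the demonstration and is not a shellcode.

```python
from typing import List, Optional, Tuple

# API names a portable Win32 payload has to carry in cleartext once decoded.
API_NAMES = (b"LoadLibraryA", b"GetProcAddress")


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR over the whole buffer; encoding and decoding are the same op."""
    return bytes(b ^ key for b in data)


def null_free_keys(data: bytes) -> List[int]:
    """Keys 1..255 whose encoding of `data` contains no 0x00 byte.
    A key equal to any byte value already in `data` would produce a zero, so
    this is exactly the constraint the generator's XOR option must satisfy."""
    return [k for k in range(1, 256) if 0 not in xor_bytes(data, k)]


def find_xor_key(buf: bytes, markers=API_NAMES) -> Optional[Tuple[int, List[bytes]]]:
    """Detection side: try every single-byte key on a captured buffer and
    return the first key whose decoding exposes one or more marker API names."""
    for key in range(1, 256):
        plain = xor_bytes(buf, key)
        hits = [m for m in markers if m in plain]
        if hits:
            return key, hits
    return None


# Constructed sample (hypothetical, not real shellcode): filler bytes plus the
# NUL-terminated API and DLL names such a payload has to embed.
SAMPLE_PLAIN = (b"\x90" * 4 + b"LoadLibraryA\x00" + b"GetProcAddress\x00"
                + b"ws2_32.dll\x00")

if __name__ == "__main__":
    keys = null_free_keys(SAMPLE_PLAIN)
    print(f"{len(keys)} of 255 keys leave no zero byte, e.g. {keys[:5]}")
    captured = xor_bytes(SAMPLE_PLAIN, keys[0])  # what a sensor would see on the wire
    assert 0 not in captured
    print("recovered:", find_xor_key(captured))
```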