Vulnerability Development mailing list archives
Re: Windows reverse Shell
From: Ali Saifullah Khan <whipaz () gem net pk>
Date: 4 Feb 2003 15:07:48 -0000
In-Reply-To: <1028124981.20030204013745 () hotmail kg>
Hello guys,

David Litchfield, in his Blackhat talk, talked about using the socket handle from WSASocket() and passing that handle as a parameter to stdin, stdout and stderr for the CreateProcess function. By doing it this way his reverse cmd shellcode becomes much smaller. I tried coding that reverse command shell in C, but couldn't get it to work. It simply connects to my listening netcat listener and then disconnects. David Litchfield used 4 functions to achieve that: WSASocket, bind, connect and CreateProcess. A lil help would be appreciated on building this reverse cmd shell. thanx.

--
Best regards,
Adik
mailto:netninja () hotmail kg

Firstly, please elaborate on what you mean by "connecting and disconnecting immediately" ... are you implying that it gets a FIN immediately, or are you watching netcat's non-verbose output on the cmdline :-)

Secondly, if I am correct, and WSASocket() gets you your socket handle, then it is apparent that WSASocket() is failing. You should check your initialization of winsock in the code (include some error-checking code to see if it's being started properly or not, and paste the output in your reply).