Vulnerability Development mailing list archives

Windows Shellcode - Using Detached_Process flag


From: "helmut schmidt" <helmutsch69 () hotmail com>
Date: Sun, 09 Mar 2003 13:08:40 +0000

Hello,

I have been testing how to make a remote command shell on Windows. I have taken David Litchfield's SQL exploit code as a basis, i.e. it does a TCP connect back to my attack machine and passes the socket as the in/out & error handles to CreateProcess.

This works OK. But when I close the program that I overflowed on the vulnerable machine, my remote shell is also closed.

To get around this, I have tried setting the Detached_Process flag as the CreationFlags parameter passed to CreateProcess.

With this flag set, I can close the program on the vulnerable machine without closing my remote shell. Success... BUT

Some commands like DIR work OK, but most others create a window on the vulnerable machine instead of displaying back to my remote shell. For instance, if I ping another machine, a visible window opens on the vulnerable machine - I see the ping results in this window, then the window closes. So this is only half working.

Does anyone know why this odd behaviour is happening? How can I program this to be 100% successful? A bit of C code would be helpful if anyone would be kind enough to share it.

Thanks, Helm