Vulnerability Development mailing list archives
re: Tiny Windows 2000 Reverse Connect
From: "Dave Korn" <davek_throwaway () hotmail com>
Date: Tue, 07 Oct 2003 10:38:21 +0000
----- Original Message ----- From: "H D Moore" <sflist () digitaloffense net>
Sent: Monday, October 06, 2003 10:11 PM
I managed to get a null-free version right around 200 bytes, but any really small XOR encoder will work as well. This technique, dubbed 'Vampiric Imports', is implemented in the following code: http://metasploit.com/sc/win2000_vampiric_connector.asm
Very nice. I reckon you could make it even smaller quite easily though; surely in most cases, any program that you send an overflow to down a socket will already have called WSAStartup for you, and you could just omit that part of the code?
cheers, DaveK