Full Disclosure mailing list archives
Windows (XP SP2): Remotely Code Execution with Parameters (Updated)
From: ShredderSub7 <shreddersub7 () yahoo com>
Date: Thu, 30 Dec 2004 06:11:12 -0800 (PST)
Hi all,

A few days ago, I released a PoC for an exploit that can allow code execution from a webpage. Some people asked me if it is possible to execute a random file that comes from the Internet. I have now updated this PoC, and it is possible to execute a malware file from the Internet.

http://freehost19.websamba.com/shreddersub7/cmdexe.htm (PoC, installs and opens 2 files called "cmdexe.exe" and "cmdexe.hta" into your root C-drive).

This new PoC works very similarly to the old one (which you can still find at http://freehost19.websamba.com/shreddersub7/htm.htm). The new PoC actually uses the old PoC multiple times; it is built in 3 phases:

The first phase will be used to write the HTML application "cmdexe.hta" to your C-drive. If you want to know how this is done, I refer to the website of Michael Evanchik (http://www.michaelevanchik.com), because he was the first person who found this writing method (btw, thanks!).

The second phase is very similar to the first one: it opens the file "cmdexe.hta" and it will also write the malware file "cmdexe.exe" to your C-drive.

The third phase is then based on my older exploit (http://freehost19.websamba.com/shreddersub7/htm.htm, Remote Code Execution); it will open the file "C:\cmdexe.exe". For more info about that third phase, I refer to my own explanation found at http://freehost19.websamba.com/shreddersub7/expl-discuss.htm.

So, for the PoC about Remote Malware Code Execution with Parameters: http://freehost19.websamba.com/shreddersub7/cmdexe.htm

Contact: shreddersub7_at_yahoo.com (replace "_at_" with "@" of course)

Regards,
shreddersub7