
Shon Harris, Allen Harper, Chris Eagle, and Jonathan Ness

"Gray Hat Hacking, Second Edition"


Reference
Information on fixing OllyDbg www.exetools.com/forum/showthread.php?t=5971&goto=nextoldest
Windows Exploits
In this section, we will learn to exploit Windows systems. We will start off slowly, building
on previous concepts learned in the Linux chapters. Then we will take a leap into
reality and work on a real-world Windows exploit.
Building a Basic Windows Exploit
Now that you've learned how to debug on Windows, how to disassemble on Windows,
and about the Windows stack layout, you're ready to write a Windows exploit! This section
will mirror the Chapter 7 exploit examples that you completed on Linux to show you
that the same kind of exploits are written the same way on Windows. The end goal of this
section is to cause meet.exe to launch an executable of our choice based on shellcode
passed in as arguments. We will use shellcode written by H.D. Moore for his Metasploit
project (see Chapter 5 for more info on Metasploit). Before we can drop shellcode into the
arguments to meet.exe, however, we need to prove that we can first crash meet.exe and
then control eip instead of crashing, and then finally navigate to our shellcode.
Chapter 11: Basic Windows Exploits
Crashing meet.exe and Controlling eip
As you saw from Chapter 7, a long parameter passed to meet.

