exe will cause a segmentation
fault on Linux.We??™d like to cause the same type of crash on Windows, but Perl is not
included on Windows. So to build this exploit, you??™ll need to either use the Metasploit
Cygshell or download ActivePerl from www.activestate.com/Products/ActivePerl/ to
your Windows machine. (It??™s free.) Both work well. Since we have used the Metasploit
Cygshell so far, you may continue using that throughout this chapter if you like. To show
you the other side, we will try ActivePerl for the rest of this section. After you download
and install Perl for Windows, you can use it to build malicious parameters to pass to
meet.exe. Windows, however, does not support the same backtick (`) notation we used
on Linux to build up command strings, so we??™ll use Perl as our execution environment
and our shellcode generator. You can do this all on the command line, but it might be
handy to instead build a simple Perl script that you can modify as we add more and
more to this exploit throughout the section.We??™ll use the exec Perl command to execute
arbitrary commands and also to explicitly break up command-line arguments (as this
demo is heavy on the command-line arguments).
C:\grayhat>type command.
Pages:
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477