Basic Windows Exploit….

July 30, 2010

Compiling and Debugging Windows Programs
Development tools are not included with Windows, but that doesn’t mean you need to spend $1,000 for Visual Studio to experiment with exploit writing. You can download for free the same compiler and debugger Microsoft bundles with Visual Studio .NET 2003 Professional.

In this post, I’ll show you how to initially set up your Windows exploit workstation.

Compiling on Windows
The Microsoft C/C++ Optimizing Compiler and Linker are available for free from http://msdn.microsoft.com/vstudio/express/visualc/default.aspx. After a 32MB download and a straightforward install, you’ll have a Start menu link to the Visual C++ 2005 Express Edition.

Click the shortcut to launch a command prompt with its environment configured for compiling code. To test it out, let’s start with a simple hello.c before building meet.c, the example that was exploited in Linux. Type in the example or copy it from the Linux machine.

C:\wakrin>type hello.c
//hello.c
#include <stdio.h>
int main(void) {
    /* print a fixed string to confirm the toolchain works */
    printf("Hello haxor");
    return 0;
}
The Windows compiler is cl.exe. Passing the compiler the name of the source file will generate hello.exe. Compiling is simply the process of turning human-readable source code into machine-readable binary files that can be digested by the computer and executed.

C:\wakrin>cl hello.c
Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 14.00.50727.42 for 80x86
Copyright (C) Microsoft Corporation. All rights reserved.
hello.c
Microsoft (R) Incremental Linker Version 8.00.50727.42
Copyright (C) Microsoft Corporation. All rights reserved.
/out:hello.exe
hello.obj
C:\wakrin>hello.exe
Hello haxor
Pretty simple, eh? Let’s move on to build the program we’ll be exploiting later.

Create meet.c and compile it using cl.exe.
C:\wakrin>type meet.c
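//meet.c
#include <stdio.h>
#include <string.h>   /* strcpy */
void greeting(char *temp1, char *temp2) {
    char name[400];
    /* unbounded copy into a 400-byte stack buffer: the flaw exploited later */
    strcpy(name, temp2);
    printf("Hello %s %s\n", temp1, name);
}
int main(int argc, char *argv[]) {
    greeting(argv[1], argv[2]);
    printf("Bye %s %s\n", argv[1], argv[2]);
    return 0;
}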
C:\wakrin>cl meet.c
Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 14.00.50727.42 for 80x86
Copyright (C) Microsoft Corporation. All rights reserved.
meet.c
Microsoft (R) Incremental Linker Version 8.00.50727.42
Copyright (C) Microsoft Corporation. All rights reserved.
/out:meet.exe
meet.obj
C:\wakrin>meet.exe Mr. Haxor
Hello Mr. Haxor
Bye Mr. Haxor
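
The greeting() function in meet.c copies argv[2] into a 400-byte stack buffer with strcpy and no length check, and main() never checks argc. For contrast, here is a bounded version as an added example; it is not code from the original post, and the names copy_checked, greeting_safe and NAME_BUF are hypothetical.

```c
/* meet_safe.c - added example: bounded counterpart to meet.c (hypothetical names) */
#include <stdio.h>
#include <string.h>

#define NAME_BUF 400   /* same size as name[] in meet.c */

/* Copy src into dst (capacity cap bytes) only if it fits, NUL included.
   Returns 0 on success, -1 if an argument is NULL or src would overflow dst. */
int copy_checked(char *dst, size_t cap, const char *src) {
    size_t len;
    if (dst == NULL || src == NULL || cap == 0)
        return -1;
    len = strlen(src);
    if (len >= cap)            /* reject rather than silently truncate */
        return -1;
    memcpy(dst, src, len + 1); /* len + 1 copies the terminating NUL */
    return 0;
}

/* Hardened greeting(): returns 0 on success, -1 when input is rejected. */
int greeting_safe(const char *temp1, const char *temp2) {
    char name[NAME_BUF];
    if (temp1 == NULL || copy_checked(name, sizeof name, temp2) != 0)
        return -1;
    printf("Hello %s %s\n", temp1, name);
    return 0;
}

int main(int argc, char *argv[]) {
    if (argc != 3) {           /* meet.c dereferences argv[1] and argv[2] unchecked */
        fprintf(stderr, "usage: %s <title> <name>\n", argv[0]);
        return 1;
    }
    if (greeting_safe(argv[1], argv[2]) != 0) {
        fprintf(stderr, "name too long (max %d bytes)\n", NAME_BUF - 1);
        return 1;
    }
    printf("Bye %s %s\n", argv[1], argv[2]);
    return 0;
}
```

With this version, a second argument of 400 bytes or more is rejected before any copy happens instead of overwriting the stack frame.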

Well, that’s a very simple bit of coding for writing exploits in Windows. I’ll be explaining later in my blog how to compile and debug using a Windows console. Till then, have a pleasant weekend.

P.S. Some new tools were released at this year’s Black Hat 2010 conference. Others will be released today at Defcon 18. I’ll be reviewing those tools and some topics from both conferences.
