PostPosted: Sun Sep 04, 2005 10:38 pm
Addict

Joined: Thu Aug 07, 2003 7:01 pm
Posts: 3113
Location: United Kingdom
Also one to try is injecting IE and then try to send commands via port 80 to a remote server.... this little trick may be quite evil. ;)

_________________
https://deluxepixel.com <- My Business website
https://reportcomplete.com <- School end of term reports system


PostPosted: Sun Sep 04, 2005 10:41 pm
Always Here

Joined: Sat Aug 30, 2003 5:58 pm
Posts: 5883
Location: Denmark
Yup, it would probably work.

Another idea:

If you are a guest on Windows, or a normal user, you can use a program running as admin, like an antivirus or a service, then inject your code into that program, and boom, your program can do whatever it wants.


PostPosted: Sun Sep 04, 2005 11:08 pm
Enthusiast

Joined: Sat Apr 26, 2003 5:08 pm
Posts: 404
Location: Denmark
Come on you 2, do you want this thread locked or what? :shock:
You can do a lot of bad things with a match and some shoelace too, but there is no reason to discuss it here, it could be very messy you know... :D

Best Regards
Henrik


PostPosted: Sun Sep 04, 2005 11:23 pm
Addict

Joined: Thu Aug 07, 2003 7:01 pm
Posts: 3113
Location: United Kingdom
Sorry, I was getting carried away ;)

If you inject a looping process into notepad or something, then terminate the "injector", does the process keep running until notepad stops, or does it terminate with the injector? Is there any memory leakage or problem?

_________________
https://deluxepixel.com <- My Business website
https://reportcomplete.com <- School end of term reports system


PostPosted: Sun Sep 04, 2005 11:43 pm
Enthusiast

Joined: Mon Jun 13, 2005 6:03 pm
Posts: 128
I've tried and it fails.
WinXP SP2.

just for notice :wink:

xgp


PostPosted: Mon Sep 05, 2005 1:42 am
Enthusiast

Joined: Sat Aug 02, 2003 11:22 pm
Posts: 759
Location: OR, USA
I think most firewalls work by looking at what program is doing this. Well, if you're hooked, maybe it will think it's MSN instead of your program. Well, only one way to find out :\

btw

it fails on my machine XP SP2

_________________
~Dreglor
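
Added example, not part of the original thread: the posts above suggest that traffic from injected code would be attributed to the host program rather than to the injector. One way a defender can surface that case, run over constructed records that use the field names of Sysmon Event ID 8 (CreateRemoteThread) and Event ID 3 (NetworkConnect); the 60-second window, paths, PIDs and addresses are all assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample records (not real logs), using Sysmon field names.
EVENTS = [
    {"EventID": 8, "UtcTime": "2024-01-15 12:00:01.000",
     "SourceImage": r"C:\Users\guest\inject.exe", "SourceProcessId": 4100,
     "TargetImage": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "TargetProcessId": 2200, "StartModule": "-"},
    {"EventID": 3, "UtcTime": "2024-01-15 12:00:04.500",
     "Image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "ProcessId": 2200, "DestinationIp": "203.0.113.10", "DestinationPort": 80},
    {"EventID": 3, "UtcTime": "2024-01-15 12:00:05.000",
     "Image": r"C:\Windows\notepad.exe", "ProcessId": 3300,
     "DestinationIp": "203.0.113.10", "DestinationPort": 80},
    {"EventID": 8, "UtcTime": "2024-01-15 12:10:00.000",
     "SourceImage": r"C:\Windows\System32\csrss.exe", "SourceProcessId": 500,
     "TargetImage": r"C:\Windows\notepad.exe", "TargetProcessId": 3300,
     "StartModule": r"C:\Windows\System32\kernel32.dll"},
]
WINDOW = timedelta(seconds=60)  # assumed correlation window

def _ts(event):
    return datetime.strptime(event["UtcTime"], "%Y-%m-%d %H:%M:%S.%f")

def suspicious_remote_threads(events):
    """Threads started in another image's process at an address that lies in
    no loaded module (StartModule empty or '-')."""
    return [e for e in events
            if e["EventID"] == 8
            and e["SourceImage"].lower() != e["TargetImage"].lower()
            and e["StartModule"] in ("", "-")]

def traffic_after_injection(events, window=WINDOW):
    """Pair each suspicious remote thread with connections the target process
    made within `window` afterwards: traffic a per-application firewall
    would credit to the target image, not to the injecting program."""
    alerts = []
    for thread in suspicious_remote_threads(events):
        for conn in events:
            if (conn["EventID"] == 3
                    and conn["ProcessId"] == thread["TargetProcessId"]
                    and timedelta(0) <= _ts(conn) - _ts(thread) <= window):
                alerts.append((thread["SourceImage"], conn["Image"],
                               conn["DestinationIp"], conn["DestinationPort"]))
    return alerts

if __name__ == "__main__":
    for alert in traffic_after_injection(EVENTS):
        print("remote thread from %s, then %s connected to %s:%d" % alert)
```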


PostPosted: Mon Sep 05, 2005 5:22 am
Enthusiast

Joined: Sat Aug 02, 2003 11:22 pm
Posts: 759
Location: OR, USA
I looked into why it wasn't working and I found it does work, but only rarely. It is always stopping at VirtualAllocEx_(); it is returning null, which MSDN says is an error, and says if you want more on the error, use GetLastError_(). Well, that returns zero, which I looked up, and that code means it worked. So either there was an error for which there was no code, or VirtualAllocEx_() is lying to me :?

I figured it was something with the code you wrote, converted the original C++ code you found,
and guess what: it did the same exact thing, rarely working, and when it didn't it stopped on VirtualAllocEx_()

Is anyone having the same problem?

_________________
~Dreglor


PostPosted: Mon Sep 05, 2005 6:33 am
Enthusiast

Joined: Wed Apr 27, 2005 9:41 pm
Posts: 150
Location: Finland
Hmm... weird, since I'm on XP SP2 and it works fine here...


Doubledutch, do your ideas have something to do with your remote administration tool? :lol:


PostPosted: Mon Sep 05, 2005 1:12 pm
Always Here

Joined: Sat Aug 30, 2003 5:58 pm
Posts: 5883
Location: Denmark
No, you need the allocations on my XP too! Better put them back.

Henrik, can you tell me about that shoelace and matches?? :)

DoubleDutch, it should terminate with the app it's injected into. Not the one that injects it!


PostPosted: Mon Sep 05, 2005 2:52 pm
Enthusiast

Joined: Wed Apr 27, 2005 9:41 pm
Posts: 150
Location: Finland
thefool wrote:
No, you need the allocations on my XP too! Better put them back.

:oops: I forgot to edit the 1st post; anyway, now it's there with DarkDragon's idea/code of creating the process as suspended...


PostPosted: Mon Sep 05, 2005 3:09 pm
Always Here

Joined: Sat Aug 30, 2003 5:58 pm
Posts: 5883
Location: Denmark
Sorry, but why do you want to put it as suspended?


PostPosted: Mon Sep 05, 2005 3:29 pm
Enthusiast

Joined: Wed Apr 27, 2005 9:41 pm
Posts: 150
Location: Finland
thefool wrote:
Sorry, but why do you want to put it as suspended?

:oops: It was because I thought my way didn't work for everyone... Well, I guess it was just because I left copy-pasted broken code there, and DarkDragon "fixed" it with another method, and I thought it would be better :? Well, mistakes happen... Now there are both methods in the 1st post.


PostPosted: Mon Sep 05, 2005 3:50 pm
Always Here

Joined: Sat Aug 30, 2003 5:58 pm
Posts: 5883
Location: Denmark
hehe :)


PostPosted: Mon Sep 05, 2005 4:01 pm
Addict

Joined: Fri Apr 25, 2003 7:06 pm
Posts: 2244
Location: Argentina
Can anybody show something that the injected code can do without crashing?

I was only able to use delays and msgboxes, but not anymore. Any API call (for example) crashes for me.


PostPosted: Mon Sep 05, 2005 6:17 pm
666

Joined: Mon Sep 01, 2003 2:33 pm
Posts: 1033
Interesting... very interesting :). Nice to see that Microsoft got something right with Windows XP SP2. I must remember to disable DEP for further testing :)

http://www.satanicdreams.com/error.jpg

