Archive

Archive for July 31st, 2011

Writing Self modifying shellcode

July 31st, 2011 1 comment


Nowadays, as I am working on shellcoding, I thought of writing self-modifying shellcode. Normally this kind of behaviour is seen in malware, packers and the like, where the code gets modified at runtime by other instructions. Let's have a look at how to do so:


I will be taking the MessageBox shellcode as the example. I prepared this shellcode earlier; using it as a basis, I will write the self-modifying code. The MessageBox shellcode looks like:


004040A0 31DB         XOR EBX,EBX        ;Zero the EBX
004040A2 68 47474700  PUSH 0x00474747    ;PUSH "GGG"

Read more…

Categories: MalwareAnalysis

Writing Shellcode

July 31st, 2011 No comments

The WinExec shellcode (NASM)
==============================
[Section .text]
BITS 32

global _start

_start:
JMP GetCmd
ReturnfromCommand:
POP EBX              ;Holds the pointer to the command string to be executed using WinExec
MOV ECX,1            ;Parameter 2 for WinExec: SW_SHOWNORMAL
PUSH ECX             ;Push the 2nd param on the stack
PUSH EBX             ;Push the first param
XOR EBX,EBX          ;Zero the EBX register
MOV EBX,0x7c86114d   ;WinExec address, found using the Arwin utility (hard-coded, so valid only for that kernel32 build)
CALL EBX             ;Call WinExec
XOR EAX,EAX          ;Zero EAX

Read more…

Categories: MalwareAnalysis

Basics of Active Directory

July 31st, 2011 1 comment

Active Directory:

Overview: Active Directory (AD) is a directory service created by Microsoft. Active Directory provides the means to manage the identities and relationships that make up an organization's network. Out of the box, Active Directory stores all information and settings for a deployment in a central database and allows administrators to assign policies, and to deploy and update software.

Active Directory uses a number of standardized protocols to provide a variety of network services, including:

  • Lightweight Directory Access Protocol (LDAP), the industry-standard directory access protocol, compatible with many management and query applications. Active Directory supports LDAPv3 and LDAPv2.
  • Optional Kerberos-based authentication.
  • DNS-based naming and other network information.

Active Directory Benefits:

  • Integration with DNS: Active Directory uses the Domain Name System (DNS). DNS is an Internet standard service that translates human-readable computer names (such as mycomputer.microsoft.com) to computer-readable numeric Internet Protocol (IP) addresses (four numbers separated by periods). Read more…

Reading your Mind

July 31st, 2011 1 comment

This is a small mind-reading game. You have to think of a number between 1 and 63 (including 1 and 63). Some lists will be shown to you, and you have to tell me in which of the lists your number appears; I'll then tell you the number that is in your mind.
Read more…
