From: Aleksander P. Czarnowski (alekc@avet.com.pl)
Date: Fri Jul 22 2005 - 18:23:12 EDT
You can check the classic publication:
Exploiting Windows NT 4.0 Buffer Overruns (A Case Study: RASMAN.EXE)
http://www.ngssoftware.com/papers/ntbufferoverflow.html
A lot of good tips on this topic can be also found in Shellcoder's handbook if you need introduction to more advance topics on this platform. Also take a look at kungfoo project and MetaSploit for universal shellcodes.
Remember that you don't call Win32 API with syscall (int 80h) like in Linux but you need to have correct address to issue call instruction.
Just my 2 cents
Best Regards,
Aleksander Czarnowski
AVET INS
> -----Original Message-----
> From: Mike Klingler [mailto:mike@securitymetrics.com]
> Sent: Friday, July 22, 2005 5:02 AM
> To: pen-test@securityfocus.com
> Subject: Windows NT shellcode needed
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: RIPEMD160
>
> I have found a more remote version of apache 1.3.4 win32 on a NT system.
> It appears vulnerable, but I am having the hardest time locating shell
> code for use against this system.
>
> What are some good resources for creating shell code on windows NT 4.0
> systems? I have done trivial buffer overflows in C on Linux, but don't
> know how to make the jump to windows very well. Any thoughts out there?
> Thanks.
>
> Mike
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
> iD8DBQFC4GHAQzWqtbsEFfgRA+tOAJ9Ky3YSM1DlrffeLkaiYg71S6HQtACgtZ/X
> bCa1mYwOa8wNT91l1x45KzM=
> =DAnz
> -----END PGP SIGNATURE-----
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:37 EDT