re: [Full-Disclosure] Assembly Code Question

[amebix@comcast.net]

>Just two quick questions about DCOM exploit code (Please excuse my 
>ignorance):

>1) Why did each request have to be coded in assembly?
>and
 
I believe you are referring to the shellcodes at the beginning of the DCOM 
exploit,
 
"char shellcode[]"  
 
and so on. Those are the shellcodes needed to open a remote shell once the 
exploit has overflowed the buffer. I wont get into a long detailed reason why 
the ASM is nessecary but once the overflow has occured the programs flow of 
execution is pointed at that those assembely instructions to create your shell 
or set root privelages or whatever your shellcode happens to do. The reason 
some of them are different is because the RPC version was different for each 
operating system the exploit worked on. Some offsets and overflow sizes had to 
be adjusted.
 

>2) Was each request hand coded or are there tools that help them to 
>construct each request in assembly?

Most tools that say they can write shellcode only at best help in the process. 
You might want to search www.packetstormsecurity. for docs on how to write your 
own shellcode.
 

>Much appreciated!

 
You can learn alot more about buffer overflows and those shellcode instructions 
from the web, theres plenty of papers on the subject. 'Smashing the Stack for 
Fun and Profit' was one of the longer and better ones.
 
Chris@cr-secure.net 
my email is down :[

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html