Full Disclosure: re: Assembly Code Question

[amebix () comcast net]

> Just two quick questions about DCOM exploit code (Please excuse my 
> ignorance):
> 1) Why did each request have to be coded in assembly?
> and
 
I believe you are referring to the shellcodes at the beginning of the DCOM exploit,
 
"char shellcode[]"  
 
and so on. Those are the shellcodes needed to open a remote shell once the exploit has overflowed the buffer. I wont 
get into a long detailed reason why the ASM is nessecary but once the overflow has occured the programs flow of 
execution is pointed at that those assembely instructions to create your shell or set root privelages or whatever your 
shellcode happens to do. The reason some of them are different is because the RPC version was different for each 
operating system the exploit worked on. Some offsets and overflow sizes had to be adjusted.
 

> 2) Was each request hand coded or are there tools that help them to 
> construct each request in assembly?
Most tools that say they can write shellcode only at best help in the process. You might want to search 
www.packetstormsecurity. for docs on how to write your own shellcode.
 

> Much appreciated!
 
You can learn alot more about buffer overflows and those shellcode instructions from the web, theres plenty of papers 
on the subject. 'Smashing the Stack for Fun and Profit' was one of the longer and better ones.
 
Chris () cr-secure net 
my email is down :[

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html