Metasploit
mailing list archives
Re: Using AdjustTokenPrivileges via Meterpreter Railgun
From: Rob Fuller <mubix () room362 com>
Date: Tue, 15 Jan 2013 23:49:03 -0500
Another thing is to just build it out based on the spec if you can.
DWORD,DWORD,DWORD,DWORD == 4 + 4 + 4 + 4 right? So if you wanted to set
each to 1 you could do this in Ruby:
1.9.3-p194 :008 > bob = "\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x01"
=> "\u0000\u0000\u0000\u0001\u0000\u0000\u0000\u0001\u0000\u0000\u0000\u0001\u0000\u0000\u0000\u0001"
1.9.3-p194 :010 > bob.unpack("C*")
=> [0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1]
1.9.3-p194 :013 > bob.unpack("N*")
=> [1, 1, 1, 1]
Then write that into memory. (VirtualAlloc first, then writemem)
--
Rob Fuller | Mubix
Certified Checkbox Unchecker
Room362.com | Hak5.org
On Tue, Jan 15, 2013 at 10:03 PM, devin bjelland <devinbjelland () gmail com> wrote:
Try writing the structure in C++, compiling for the target architecture,
and then looking at the structure in memory with a debugger.
On Tue, Jan 15, 2013 at 12:40 AM, Spencer, Shelby C <Shelby_C_Spencer () rl gov> wrote:
Thanks Mubix for your response. I understand that I need to construct
the Struct as a byte sequence, but I don't know what that should look like.
Is there a guide on this? Does it follow some predefined standard (of
which I am not aware)?
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
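The 16-byte layout discussed in this thread, as an added example that is not part of the original messages: it packs a single-entry TOKEN_PRIVILEGES (PrivilegeCount, LUID low/high, Attributes) in the little-endian order x86/x64 Windows uses, and decodes the byte string from the message above under both byte orders. The helper names and the sample LUID are assumptions made for illustration.

```ruby
# Added example. Single-entry TOKEN_PRIVILEGES as laid out in the Windows SDK:
#   DWORD PrivilegeCount
#   LUID  Luid        (DWORD LowPart, LONG HighPart)
#   DWORD Attributes
# x86/x64 Windows is little-endian: DWORD -> "V", LONG -> "l<".
SE_PRIVILEGE_ENABLED  = 0x00000002   # winnt.h constant
TOKEN_PRIVILEGES_FMT  = "VVl<V"
TOKEN_PRIVILEGES_SIZE = 16           # 4 + 4 + 4 + 4

# Hypothetical helper: build the byte sequence for one privilege entry.
def pack_token_privileges(luid_low, luid_high, attributes)
  buf = [1, luid_low, luid_high, attributes].pack(TOKEN_PRIVILEGES_FMT)
  raise ArgumentError, "unexpected size #{buf.bytesize}" unless buf.bytesize == TOKEN_PRIVILEGES_SIZE
  buf
end

# Hypothetical helper: decode a buffer read back from memory.
def unpack_token_privileges(buf)
  raise ArgumentError, "need #{TOKEN_PRIVILEGES_SIZE} bytes" unless buf.bytesize == TOKEN_PRIVILEGES_SIZE
  count, low, high, attrs = buf.unpack(TOKEN_PRIVILEGES_FMT)
  { count: count, luid_low: low, luid_high: high, attributes: attrs }
end

# Group the raw bytes per DWORD so the byte order is visible.
def hexdump(buf)
  buf.unpack("C*").map { |b| format("%02x", b) }
     .each_slice(4).map { |dword| dword.join(" ") }.join(" | ")
end

# Constructed sample LUID; a real one is returned by LookupPrivilegeValue.
SAMPLE_LUID_LOW  = 0x11223344
SAMPLE_LUID_HIGH = 0

if __FILE__ == $PROGRAM_NAME
  tp = pack_token_privileges(SAMPLE_LUID_LOW, SAMPLE_LUID_HIGH, SE_PRIVILEGE_ENABLED)
  puts hexdump(tp)
  p unpack_token_privileges(tp)

  # The byte string from the message, read as big-endian and as little-endian DWORDs.
  bob = "\x00\x00\x00\x01" * 4
  p bob.unpack("N*")
  p bob.unpack("V*")
end
```

Comparing the two unpack results shows why the pack directive has to match the target's byte order before the buffer is written into memory.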