Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Vulnerability Development: Re: PocketPC exploitation

Re: PocketPC exploitation

From: <dennis_at_backtrace.de>
Date: Thu, 22 Sep 2005 16:16:09 +0200

> > i would like to know if some of you have experience with exploitation of
> > PocketPCs and could give me some ways and tools (debugger...).
> > since some vulns come ( http://www.securityfocus.com/bid/13807 )
> > I know that writing a DLL (Fuser) is quite easy with eVC++ (Embedded),
> > so a "download and execute"-like shellcode could be amazing...
>
> Pointers to begin with :
>
> - Microsoft Embedded Visual C++, with on-target debugging :
>
http://www.microsoft.com/downloads/details.aspx?FamilyID=1dacdb3d-50d1-41b2-a107-fa75ae960856&displaylang=en
>
> - Phrack #63 "Hacking Windows CE"
> http://www.phrack.org/phrack/63/p63-0x06_Hacking_WindowsCE.txt
>
> - And the upcoming IDA Pro 4.9 with Windows CE on-target debugging :
> http://www.datarescue.com/idabase/wince/index.htm
>
> Regards,
> - Nicolas RUFF
> Security researcher @ EADS-CCR
>

Hello Nicolas, hello Jerome, hello list :)

Even an early alpha version of the IDA Windows CE debugger proved
to be *very* useful and had some major advantages over the
Embedded MSVC debugger (single-stepping into subfunctions for instance).
I used IDA and the CE debugger in order to find and verify the
vulnerability mentioned above. Looking forward to 4.9 :-)

Cheers,

Dennis
Received on Sep 24 2005

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos