Metasploit mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Using AdjustTokenPrivileges via Meterpreter Railgun

From: Rob Fuller <mubix () room362 com>
Date: Tue, 15 Jan 2013 23:49:03 -0500
Another thing is to just build it out based on the spec if you can.
DWORD,DWORD,DWORD,DWORD == 4 + 4 + 4 + 4 right? so if you wanted to set
each to 1 you could do this in ruby:

1.9.3-p194 :008 > bob =
"\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x01"
 =>
"\u0000\u0000\u0000\u0001\u0000\u0000\u0000\u0001\u0000\u0000\u0000\u0001\u0000\u0000\u0000\u0001"

1.9.3-p194 :010 > bob.unpack("C*")
 => [0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1]

1.9.3-p194 :013 > bob.unpack("N*")
 => [1, 1, 1, 1]

Then write that into memory. (VirtualAlloc first, then writemem)



--
Rob Fuller | Mubix
Certified Checkbox Unchecker
Room362.com | Hak5.org


On Tue, Jan 15, 2013 at 10:03 PM, devin bjelland <devinbjelland () gmail com>wrote:


Try writing the structure in c++, compiling for the target architecture,
and then looking at the structure in memory with a debugger.

On Tue, Jan 15, 2013 at 12:40 AM, Spencer, Shelby C <
Shelby_C_Spencer () rl gov> wrote:


Thanks Mubix for your response.  I understand that I need to construct
the Struct as a byte sequence, but I don't know what that should look like.
 Is there a guide on this?  Does it follow some predefined standard (of
which I am not aware)?



_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework



_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
Previous By Date Next
Previous By Thread Next

Current thread: