Required tools for playing around with memory:
hexdump
objdump
readelf
xxd
gcore
Abstract
This is a document explaining how to locate WaitForSingleObject(..., INFINITE)
within msfvenom's (4.12.23-dev) generated payload and how to fix the payload's glitches. It goes through the analysis of a windows/shell_reverse_tcp payload, touching issues like stack alignment, WaitForSingleObject locating & patching. It has been written when I realised there are many topics on the Offensive-Security OSCE/CTP forums touching problem of finding this particular Windows API. Since RE is one of my stronger FU's I decided to write down my explanation of the subject.
Contents:
#!/usr/bin/python | |
# This file has no update anymore. Please see https://github.com/worawit/MS17-010 | |
from impacket import smb | |
from struct import pack | |
import sys | |
import socket | |
''' | |
EternalBlue exploit for Windows 7/2008 by sleepya | |
The exploit might FAIL and CRASH a target system (depended on what is overwritten) |