Author Topic: Remote Code Execution  (Read 903 times)


Offline VictorM

Remote Code Execution
« on: August 28, 2012, 01:41:07 am »
Hello everyone.

I was hoping the fine folks here might be able to answer a question about writing remote code exploits. Assuming that the machine is running Windows XP/Vista/7 on an x86 platform with all service packs, patches and updates, with no services and no server applications running, then how can it be possible to take advantage of such a box remotely?

Please note that I have no interest in or intention of hacking into anyone's box but would like to understand the logic behind how remote code exploits work...

Thanks in advance

VictorM

Offline NeX

Re: Remote Code Execution
« Reply #1 on: August 28, 2012, 11:11:11 am »
Let's assume that I have targeted a Linux server with kernel 3.0 64-bit which belongs to a bank located in America.. How do I write a local root exploit.. And note that I don't want to hack into the box, just want to know how the logic works.. Yeah right >.> Seems legit.

Take a look at the newest Windows bugs, and depending on what they are, make your own exploit ;)

Offline s3my0n

Re: Remote Code Execution
« Reply #2 on: August 28, 2012, 02:08:57 pm »
If you can get into a computer on the same network as the target, from there you can try to enumerate what servers are running on the target that can only be seen by the computers on the internal network. Then you can try to remotely exploit those services. As NeX said, because it's a very up-to-date system you have to "Take a look at the newest Windows bugs, and depending on what they are, make your own exploit".

Z3R0

  • Guest
Re: Remote Code Execution
« Reply #3 on: August 29, 2012, 12:10:25 am »
There are also an infinite number of social-engineering/MITM/client-side attacks that you can do. You are not only limited to attacking vulnerable services on a machine; you also have the ability to attack the user, and still achieve remote code execution. Just for example, no one will ever have an invulnerable version of Adobe Flash installed. It's like the most exploited program in the history of the world, next to Internet Explorer.

That's not to exclude attacking things such as VPN, poisoned routing tables, and random design flaws like null sessions.


Edit: Yes...as much as I indulge in trolling on the forums, I do tend to give solid advice from time to time.
« Last Edit: August 29, 2012, 12:15:24 am by m0rph »

Offline VictorM

Re: Remote Code Execution
« Reply #4 on: August 29, 2012, 05:57:53 am »
@Everyone, thanks for the helpful replies...

I have a better idea now how a hacker can take control of any given machine... The main thing was I wanted to find out if even a box that is up to date in patches and service packs, without running certain services (i.e. FTP, HTTP), can still be taken control of.

Appreciate the informative replies..