Thread: CongratZ! Now .NET will load malware

  1. #1
    evaluator (Musician member; joined Sep 2001; 1,479 posts; 1 blog entry)

    CongratZ! Now .NET will load malware

    After VB6 loaders, now .NET will load malware. These WStrings warn me:

    GetThreadContext
    WriteProcessMemory
    NtUnmapViewOfSection
    ReadProcessMemory
    ResumeThread
    SetThreadContext
    VirtualAllocEx
    VirtualProtectEx

    And the wrapped malware inside looks quite dangerous. (in_NETklbrw.exe)

    PASS: malware
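As an added defender-side example (not code from this thread or its attachment), here is a small Python scanner that looks for the API-name set listed above in a file's raw bytes, in both ASCII and UTF-16LE spelling, and flags the combination that characterises process hollowing; the sample blobs are constructed for the demonstration, and the thresholds are an assumption, not a published rule.

```python
# The eight API names the post above lists; together they form the classic
# process-hollowing ("RunPE") pattern: create/suspend a process, unmap its
# image, write a new one in, patch the thread context, resume.
HOLLOWING_APIS = (
    "GetThreadContext", "WriteProcessMemory", "NtUnmapViewOfSection",
    "ReadProcessMemory", "ResumeThread", "SetThreadContext",
    "VirtualAllocEx", "VirtualProtectEx",
)
# Assumed core trio: without these, the other names are common in debuggers
# and process tools and should not by themselves raise an alert.
CORE_APIS = frozenset({"WriteProcessMemory", "SetThreadContext", "ResumeThread"})


def find_api_strings(data: bytes) -> dict:
    """Map each listed API found in `data` to the encodings it appears in.

    Both plain ASCII and UTF-16LE ("wide", as the post calls them) spellings
    are searched, since managed loaders often carry the names as wide strings.
    """
    hits = {}
    for name in HOLLOWING_APIS:
        encodings = [enc for enc, blob in (("ascii", name.encode("ascii")),
                                           ("utf-16le", name.encode("utf-16-le")))
                     if blob in data]
        if encodings:
            hits[name] = encodings
    return hits


def classify(data: bytes) -> str:
    """'hollowing-pattern' when the core trio plus an unmap/allocate call are
    all present, 'partial' when any listed API is present, else 'clean'."""
    names = set(find_api_strings(data))
    if CORE_APIS <= names and names & {"NtUnmapViewOfSection", "VirtualAllocEx"}:
        return "hollowing-pattern"
    return "partial" if names else "clean"


# Constructed sample blobs standing in for file contents (not real binaries).
SAMPLE_LOADER = b"\x00" * 16 + b"".join(
    n.encode("utf-16-le") + b"\x00\x00" for n in HOLLOWING_APIS) + b"tail"
SAMPLE_TOOL = b"ReadProcessMemory\x00VirtualAllocEx\x00OpenProcess\x00"
SAMPLE_CLEAN = b"plain text with no imports of interest"

if __name__ == "__main__":
    for label, blob in (("loader", SAMPLE_LOADER), ("tool", SAMPLE_TOOL),
                        ("clean", SAMPLE_CLEAN)):
        print(label, classify(blob), sorted(find_api_strings(blob)))
```

Run against real files, read them with `open(path, "rb").read()`; the string match is deliberately crude and is a triage hint, not a verdict.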

  2. #2
    R33N

    Possibly something similar

    I attended a conference where this presentation took place, and the speaker, with another, demonstrated all the abilities described in this outline. I think this would also be relevant to the increase of malware that will be injected into .NET code.

    http://www.owasp.org/index.php/Hacking_.NET_Applications_at_Runtime:_A_Dynamic_Attack

    Also, there was supposed to be a tool release for the injection tool, but I have not found the tool through some immense searching. If anyone finds this tool, it would be interesting to play with.

  3. #3
    Bengaly (Programmer Run Amock...; joined Aug 2001; Location: Somewhere over the Rainbow; 289 posts; 1 blog entry)

    Now, if Windows (XP, 2008, 2003, Vista, 7) had any decent and working permission controls (like, i.e., root in Unix/Linux), then I wouldn't have had any trouble accepting .NET process and memory privileges... but damn it, M$, you're just shooting yourself in the foot with this one, again and again..
    "knowledge is now free at last, everything should be free from now on, enjoy knowledge and life and never work for everybody else"

  4. #4
    In truth, it is possible.
    It was even possible in XP...
    Fact is, they made the stuff soooo complex not even they are capable anymore of understanding how to use it...
    The real M$ problem lies in kernel land and the "owner" privilege check, which requires a lot of lateral thinking to bypass (if you own something, you can always own it fully, silly rule...).
    I want to know God's thoughts ...the rest are details.
    (A. Einstein)
    --------
    ..."a shellcode is a command you do at the linux shell"...

  5. #5
    dELTA (Administrator; joined Oct 2000; Location: Ring -1; 4,206 posts; 5 blog entries)

    Quote Originally Posted by R33N:
    I attended a conference where this presentation took place, and the speaker, with another, demonstrated all the abilities described in this outline. I think this would also be relevant to the increase of malware that will be injected into .NET code.
    Not really, since what the guy is presenting is only a glorified loader/code injector practically. You still need to have control over the machine already to have any use for it, and then you might as well just start a thread with your own arbitrary machine code in any application you have currently privileges to. I have seen that presentation live too, and the guy misuses and abuses the words "hacking" and "owning" throughout the whole thing, just to make his reversing tool sound more hacker leeto...


    Quote Originally Posted by R33N:
    Also, there was supposed to be a tool release for the injection tool, but I have not found the tool through some immense searching. If anyone finds this tool, it would be interesting to play with.
    You apparently didn't search "immensely" enough to take a look in the CRCETL here on this server, since it's been sitting there waiting for you all the time...

    http://www.woodmann.com/collaborative/tools/index.php/DotNetasploit
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."
