Once we dissect the password, we’ll test this dynamically and see if we can remove the service previously created. It’s very similar to the code under the -in flag, but it deletes the service instead of creating it. Once we dissect the password, we’ll test this dynamically and see if we can set the service name. exe password -in param2, it comes from the optional second argument. exe password -in, the service name comes from the executable when invoked as Lab09-01. The service name appears to be partly comprised of the string “ Manager Service”, but it looks like there’s another component, probably the service name passed in as a function parameter. There’s a function call to get the current executable’s filename, and then a function call that has logic around creating a service. We’ll look at these command-line arguments, come up with some hypotheses about what they do, and then test them with OllyDbg. This makes the selfDestruct function fairly easy to pick out. Then it checks for the number of additional arguments (up to 4!) and, if they do not match, it self-destructs.

-in password -re password -c param1 param2 param3 param4 password -cc password