Jump to content

Executing An .exe File Automatically

Infiltrator

By Infiltrator
in Questions

 Share

Recommended Posts

Infiltrator Newbie

Infiltrator

Posted
Posted (edited)

Hi All,

I would like to know if that's possible for an .exe file to automatically execute itself upon arrival on a target machine without any user interaction.

For example, I am running two VMs one of them is a web server that has some file uploading mechanism and the other machine is the attacker machine.

Now when I upload an .exe file from the attacker machine to the victim machine (web server) I would like the .exe file to execute itself upon arrival if this is even possible at all?

Your comments will be much appreciated thank you.

Regards,

Infiltrator

Edited by Infiltrator
ChevronX Newbie

ChevronX

Posted
Posted

Possibly some sort of packaged exe, with the /s switch. Silent installer or away to have an autorun file execute. Unsure, im sure others will have better ideas then I have.

will-wtf Newbie

will-wtf

Posted
Posted

Self execution can only really be made with autorun (now mostly patched) or an exploit as self execution is the main component in malware... :S

A while back there was a .GIF exploit that would cause this to happen :)

Infiltrator Newbie

Infiltrator

Posted
  • Author
Posted (edited)
Self execution can only really be made with autorun (now mostly patched) or an exploit as self execution is the main component in malware... :S

A while back there was a .GIF exploit that would cause this to happen :)

I guess I could do the following

put a php/asp shell on the server and use that to execute your exe or use some sort of exploit script to do the dirty work for me.

Edited by Infiltrator
redxine Newbie

redxine

Posted
Posted

Ah - thus is entering the realm of buffer overflows. And that is quite a bit of an art. Looking at where a service has a memory leak and taking advantage of it to spill your code perfectly into the IP value of the next memory address, and having the processor run your code with it....

The only other thing I could think of is having it replace an already existing binary (such as one in cgi-bin [look for bad permissions]) and then calling it remotely with a request.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...