Hello guys,
hope you are all doing well.
I'm trying to create a Windows reverse TCP connection shellcode using direct calls to the Windows API, to use it inside a code cave, using OllyDbg.
what I understand is the following:
to create a reverse connection shellcode you need:
1. WSAStartup()
2. socket()
3. connect()
4. CreateProcess() with cmd.
The connection (socket) part works fine for me: I open netcat on my attacking machine, it works fine and I get a connection.
But my problem is in CreateProcess() with cmd. Here is what I did:
I split the shellcode into two parts because it is long:
Connection part:
[Image: part 1]
CreateProcess part:
Here is when Calling CreateProcess():
[Image: calling CreateProcess()]
And I got this error after calling it:
> ERROR_NO_MORE_FILES (00000012)
I tried to change the argument (ModuleFileName) to the path of cmd.exe and remove (cmd) from the (CommandLine) argument; the execution completes fine and I get no error, but I don't receive any shell on my attacking machine.
I even traced the "shell_reverse_tcp" payload of Metasploit, and it uses the same arguments I use in CreateProcess() and works fine. The only difference, I guess, is that it uses LoadLibrary() to load the DLL responsible for the socket and gets the function address by name, but for me the DLL, which is ws2_32.dll, is already loaded, and I search for the address of the function I want in that DLL and call it.
Please help.