Question

My question is regarding architectural restrictions associated with backdoor/bind/reverse tcp payloads used typically to gain shell through exploitation.

In a situation where the target box architecture(x86, x64, ARM, etc) is unknown.

1. Would an x64 payload work on a x86 architecture without user intervention? For example, Windows prompting the user to run executable in a capability mode.
2. Is there a solution for payload delivery that does not have architectural dependencies?
3. Would encoding a x64 payload with an x86 encoder create compatibility issues when executed?

Any help is appreciated! I appreciate it because I'll save time asking here rather than manually testing.

Explanation / Answer

1. Can an x64 payload work on an x86 architecture

64-bit executables cannot work on an x86 architecture because there are too many differences between the architectures. Beyond the address space limitations there are 64-bit registers that just do not exist. Parameters for functions are handled entirely differently. Machine instructions operate differently.

Windows 64-bit contains a lot of code to ensure that there is compatibility for x86 programs to run on an x64 architecture, but the executables have to be written to take advantage of this. In this case the exploit would have to be built as a 32-bit application, and utilize the WOW64 subsystem. This subsystem is kind of like a sandbox to run 32-bit applications. It essentially emulates a 32-bit system for the purposes of execution.

2. Is there a solution for payload delivery that does not have architectural dependencies?

Compilers build for a specific architecture. As I stated above, architecture independent code requires some type of emulation. For example, Java uses a virtual machine to run on multiple platforms. This comes at a performance cost.

3. Would encoding a x64 payload with an x86 encoder create compatibility issues when executed?

I don't know what an x86 encoder is. If you mean you're transforming x64 machine code into x86 machine code... you might as well just build for x86 to begin with. Since it's pretty much the same thing.
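Part 1 of the answer turns on the fact that an executable is stamped for one architecture, and the loader checks that stamp before anything runs. The following is an added example, not code from the original question or answer: it parses the COFF `Machine` field and the optional-header `Magic` of a PE image the way an analyst (or the Windows loader) would, and applies the answer's compatibility rule (x64 Windows runs x86 images via WOW64 and x64 natively; x86 Windows runs only x86). The `build_minimal_pe` helper and the `runs_on_windows_host` rule are this example's own constructions; the header blobs it builds are header-only samples, not loadable programs.

```python
import struct

# IMAGE_FILE_HEADER.Machine values from the PE/COFF specification
MACHINE_I386 = 0x014C
MACHINE_AMD64 = 0x8664
MACHINE_ARMNT = 0x01C4
MACHINE_ARM64 = 0xAA64
MACHINE_NAMES = {
    MACHINE_I386: "x86",
    MACHINE_AMD64: "x64",
    MACHINE_ARMNT: "arm",
    MACHINE_ARM64: "arm64",
}

# IMAGE_OPTIONAL_HEADER.Magic values
PE32_MAGIC = 0x10B       # 32-bit image
PE32PLUS_MAGIC = 0x20B   # 64-bit image


def pe_architecture(data: bytes) -> dict:
    """Parse the DOS stub, PE signature, COFF header and optional-header magic
    of a PE image and report its target architecture.

    Returns the machine name, the bitness implied by the optional header, and
    whether the two agree; a mismatch is a red flag for a hand-edited or
    malformed binary and is worth surfacing in triage."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 26 > len(data):
        raise ValueError("not a PE image: e_lfanew points past end of data")
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    # COFF header (20 bytes): Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, _nsec, _ts, _symptr, _nsym, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    if opt_size < 2:
        raise ValueError("optional header too small to hold Magic")
    (magic,) = struct.unpack_from("<H", data, e_lfanew + 24)
    bits = {PE32_MAGIC: 32, PE32PLUS_MAGIC: 64}.get(magic)
    if bits is None:
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    machine_bits = 64 if machine in (MACHINE_AMD64, MACHINE_ARM64) else 32
    return {
        "machine": MACHINE_NAMES.get(machine, f"unknown(0x{machine:04x})"),
        "bits": bits,
        "consistent": bits == machine_bits,
    }


def runs_on_windows_host(host: str, image: dict) -> bool:
    """Compatibility rule from the answer (assumption of this example): an x64
    Windows host runs x86 images through WOW64 and x64 images natively; an x86
    host runs only x86 images. Other host architectures are not modelled."""
    if host == "x64":
        return image["machine"] in ("x86", "x64")
    if host == "x86":
        return image["machine"] == "x86"
    raise ValueError(f"host architecture {host!r} not modelled")


def build_minimal_pe(machine: int, magic: int) -> bytes:
    """Constructed sample: a header-only PE image (not loadable) so the parser
    can be exercised offline without any real binary."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> PE header right after stub
    # SizeOfOptionalHeader = 2: just enough for the Magic field
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 2, 0x0002)
    return bytes(dos) + b"PE\0\0" + coff + struct.pack("<H", magic)


if __name__ == "__main__":
    samples = [
        ("x86 image", build_minimal_pe(MACHINE_I386, PE32_MAGIC)),
        ("x64 image", build_minimal_pe(MACHINE_AMD64, PE32PLUS_MAGIC)),
        ("inconsistent headers", build_minimal_pe(MACHINE_AMD64, PE32_MAGIC)),
    ]
    for name, blob in samples:
        info = pe_architecture(blob)
        print(name, info, "| runs on x86 host:", runs_on_windows_host("x86", info))
```

The `consistent` flag is the check a practitioner cares about when a file of unknown origin turns up: the `Machine` and `Magic` fields are set together by every compiler, so a 64-bit machine stamp paired with a PE32 optional header means the headers were edited or the file was never produced by a normal toolchain.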