Dailydave mailing list archives
Metasploits Msfencode
From: "Adam Bateman - 7Safe Information Security" <adam.bateman () 7safe com>
Date: Tue, 24 Oct 2006 20:24:41 +0100
Hi everyone,

I was wondering whether anyone could pass on some knowledge about msfencode. I am having a go at developing an exploit for my own educational benefit. The payload must avoid certain bad chars, so I have used msfencode to generate a payload that successfully avoids the use of these chars. The problem is that the payload must be split into two areas with a jmp command to reach the second half. If I encode the payload, will the decoder be aware that the second half also needs decoding? And does the JMP command need to be encoded separately and then appended to the first half of the payload?

---------------------------------------------------------------------------------

    [ENCODED PAYLOAD 2]

    *
    [ENCODED PAYLOAD 1]
    [UN ENCODED REVERSE JMP]

    (execution starts at *)

---------------------------------------------------------------------------------

When I use msfencode, does the payload end up like this?

    [DECODER][ENCODED PAYLOAD]

Therefore, removing half the payload will stop the decoder?

One final thing: why does msfencode in Metasploit Framework 2.6 generate a payload that's 1309 bytes, while msfweb (hosted on the Metasploit site) generates a payload that's 447 bytes? Is the decoder not included in the output?

Q summary:
-----------
1. How does msfencode work, and where does it place the decoder?
2. Will the decoder still decode the second part of the payload?
3. Does the JMP command need to be encoded separately and then added to the end of the first half of the payload?
4. Why do msfencode (msf 2.6) and msfweb output different size payloads? Is the decoder not included in msfweb?

Any help is very much appreciated.

Kind Regards,
ADAM

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Metasploits Msfencode Adam Bateman - 7Safe Information Security (Oct 24)
- Re: Metasploits Msfencode Dave Aitel (Oct 24)