Metasploit mailing list archives
Locale in non-English exploit shell
From: nagos1 at gmail.com (Vladimir Yakovlev)
Date: Thu, 13 Nov 2008 02:27:43 +0300
2008/11/12 H D Moore <hdm at metasploit.com>
Great feedback -- to be able to code this properly, we need a way to detect the remote code page.
It is not critical. Option is enough. In real situation 99% of surrounding systems is in known language. Others is English.
One trouble we have with using the Iconv calls is that they can crash/break when invalid unicode characters are present in the stream.
I am not pro ruby programmer, but why we can't use some exceptions like this data = user_input.gets begin data=Iconv.iconv("cp866","utf-8", data).join(" ") rescue print("locale error, check options") end This code not breaks when trying illegal conversions. Conversion not happens, and "bad symbols" displayed with question marks (like without iconv).
This is the reason why MSFGUI is so poor at handling non-english locales. The easiest way to implement this would be a new advanced option for all payloads with an interactive shell. Can we assume the metasploit-side code page is always going to be UTF-8?
Current metasploit-side locate can be easy determinated http://www.yotabanana.com/hiki/ruby-locale-howto.html UTF-8 are universal, Russan, English, Cheneese, all characters are printed. On my system shell $locale LANG=ru_RU.UTF-8 But iconv to UTF-8 in ruby works fine. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.metasploit.com/pipermail/framework/attachments/20081113/fee9dfd6/attachment.htm>
Current thread:
- Locale in non-English exploit shell Vladimir Yakovlev (Nov 12)
- Locale in non-English exploit shell H D Moore (Nov 12)
- Locale in non-English exploit shell Vladimir Yakovlev (Nov 12)
- Locale in non-English exploit shell H D Moore (Nov 14)
- Locale in non-English exploit shell takuan (Nov 14)
- Locale in non-English exploit shell H D Moore (Nov 12)