Locale in non-English exploit shell

[nagos1 at gmail.com (Vladimir Yakovlev)]

2008/11/12 H D Moore <hdm at metasploit.com>

> Great feedback -- to be able to code this properly, we need a way to
> detect the remote code page.

It is not critical. Option is enough. In real situation 99% of surrounding
systems is in known language. Others is English.


> One trouble we have with using the Iconv
> calls is that they can crash/break when invalid unicode characters are
> present in the stream.

I am not pro ruby programmer, but why we can't use some exceptions like this
data = user_input.gets
begin
data=Iconv.iconv("cp866","utf-8", data).join(" ")
rescue
print("locale error, check options")
end
This code not breaks when trying illegal conversions. Conversion not
happens, and "bad symbols" displayed with question marks (like without
iconv).

> This is the reason why MSFGUI is so poor at
> handling non-english locales.
>
> The easiest way to implement this would be a new advanced option for all
> payloads with an interactive shell. Can we assume the metasploit-side
> code page is always going to be UTF-8?

Current metasploit-side locate can be easy determinated
http://www.yotabanana.com/hiki/ruby-locale-howto.html
UTF-8 are universal, Russan, English, Cheneese, all characters are printed.
On my system shell
$locale
LANG=ru_RU.UTF-8
But iconv to UTF-8 in ruby works fine.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20081113/fee9dfd6/attachment.htm>