Metasploit mailing list archives

pattern_offset


From: patrick at aushack.com (Patrick Webster)
Date: Thu, 22 Jan 2009 15:04:04 +1100

Hi Ricardo,

You're using rand_text_? - exactly that, random text :) Its purpose is
anti-IDS etc.

Whilst *writing* your module, use:

buf = Rex::Text.pattern_create(220) instead.

You will have a hit with pattern_offset.rb (unless the overflow is
modified by some internal instructions, e.g. Unicode conversion etc
etc)

Once you know the correct offset, swap it back to rand_text.

-Patrick
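
Why the swap matters while debugging, as an added example (not part of the original message and not Rex::Text's own code): a self-contained Ruby re-implementation of the cyclic pattern and its offset lookup, showing that a value taken from the pattern maps back to exactly one offset, while random text or a Unicode-widened value gives no hit. The method names and sample register values are constructed for illustration.

```ruby
# Added illustration, not Rex::Text's own code. Method names are hypothetical.
UPPER = ('A'..'Z').to_a
LOWER = ('a'..'z').to_a
DIGIT = ('0'..'9').to_a
MAX_LEN = UPPER.size * LOWER.size * DIGIT.size * 3 # 20280 bytes

# Builds "Aa0Aa1Aa2...": upper/lower/digit triples counted like an odometer,
# so each 4-byte window of the result occurs at exactly one position.
def cyclic_pattern(length)
  raise ArgumentError, "length must be 0..#{MAX_LEN}" unless (0..MAX_LEN).cover?(length)

  out = +''
  UPPER.product(LOWER, DIGIT) do |triple|
    break if out.length >= length
    out << triple.join
  end
  out[0, length]
end

# needle: the 4 raw bytes, or the Integer a debugger shows for a 32-bit
# little-endian register. Returns the byte offset, or nil when there is no hit.
def locate(needle, length)
  needle = [needle].pack('V') if needle.is_a?(Integer)
  cyclic_pattern(length).index(needle)
end

# Constructed sample values (not taken from any real crash):
SAMPLES = {
  'value copied from the pattern' => 0x64413764,    # bytes "d7Ad"
  'value from a random-text buffer' => 'QzXw',      # letter order never in the pattern
  'pattern bytes widened to UTF-16LE' => 0x00610041 # bytes "A\0a\0"
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |label, value|
    hit = locate(value, 220)
    puts format('%-36s %s', label, hit ? "offset #{hit}" : 'no hit')
  end
end
```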


