Metasploit mailing list archives
browser_autopwn
From: hdm at metasploit.com (HD Moore)
Date: Mon, 17 Aug 2009 12:43:14 -0500
On Mon, 17 Aug 2009 11:24:19 -0500, Ricardo F. Teixeira <ricardo.teixas at gmail.com> wrote:
When using browser_autopwn in OS X 10.5.X the payload created contains invalid parameters for the echo binary.
[...]
Could someone fix it? :)
The CMD encoders need to updated to look at the Compat => RequiredCmds field in the payload (or at least something fancy added to get this value), otherwise they can't determine what encoding methods are valid for the particular target. I worked around it for now by making the badchars list in the exploit '' and then adding a no-encoding fall through to the generic_sh.rb encoder, see if this solves the problem for you. -HD
Current thread:
- browser_autopwn Ricardo F. Teixeira (Aug 17)
- browser_autopwn HD Moore (Aug 17)
- Message not available
- browser_autopwn Ricardo F. Teixeira (Aug 17)
- Message not available
- browser_autopwn HD Moore (Aug 17)