Metasploit mailing list archives
Re: Encoding Payloads
From: Tod Beardsley <todb () planb-security net>
Date: Wed, 10 Nov 2010 10:08:24 -0600
I'm not familiar with the book, but...

On Wed, Nov 10, 2010 at 9:44 AM, Jeffs <jeffs () speakeasy net> wrote:

> My first question is with the first sentence. When it is stated you pass a whole array of all possible characters that can be sent, how is it that you determine which ones were modified after the application has received them?

I assume the material is implying that you have control of the target application and you can just hook it up to a debugger and see what gets passed and what doesn't.

> My second question is, believe it or not!, with the second sentence. Is there some kind of master list or more expedited way of making an assumption about what characters certain applications most likely modify/avoid?

Again, depends on the application and function. The two classical examples are avoiding \x00 when you're dealing with a function that null terminates strings (C-like things), and avoiding spaces when you're dealing with command arguments that are space-delimited (as in plaintext protocols like IMAP).

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
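The "send every byte, see what survives" test that the two questions above are about, as an added example written for this archive page; it is not code from the thread or from the Metasploit code base. The three "sink" functions are constructed stand-ins for the target application (a C-style NUL-terminating copy, a space-delimited argument parser, and an upper-casing filter), standing in for what you would otherwise read back out of the process in a debugger, and all function names are assumptions of this example. The point it shows that the prose does not: one truncating byte (such as \x00) hides every byte after it, so the comparison has to be rerun with that byte excluded until a full round comes back unchanged.

```ruby
# Added example: bad-character discovery by sending all 256 byte values to a
# target and diffing what it kept. The sinks below are constructed stand-ins
# for a real target; in practice you read the buffer back with a debugger.

# Every byte value 0x00..0xff, in order, as a binary string.
ALL_BYTES = (0..255).to_a.pack("C*")

# Generic stand-in for a function that stops at a delimiter byte: everything
# from the first occurrence of `delim` onward is lost.
def truncating_sink(input, delim)
  idx = input.index(delim.chr.b)
  idx ? input[0, idx] : input
end

# Stand-in for a C-style string sink (e.g. strcpy): truncates at the first NUL.
def c_string_sink(input)
  truncating_sink(input, 0x00)
end

# Stand-in for a space-delimited command parser (e.g. a plaintext protocol
# that tokenises arguments on 0x20): only the first token survives.
def space_delimited_sink(input)
  truncating_sink(input, 0x20)
end

# Stand-in for a sink that upper-cases ASCII letters: bytes are changed in
# place rather than dropped, so nothing is truncated.
def upcasing_sink(input)
  input.upcase
end

# Walk the sent and received buffers in step. A byte is "bad" if it came back
# changed or is missing. The first missing byte means the buffer was cut off
# there, and every later byte is untestable in this round, so return the
# position so the caller knows to rerun with that byte excluded.
def find_badchars(sent, received)
  bad = []
  sent.each_byte.with_index do |b, i|
    got = received.getbyte(i)
    if got.nil?
      bad << b
      return { bad: bad, truncated_at: i }
    elsif got != b
      bad << b
    end
  end
  { bad: bad, truncated_at: nil }
end

# Full procedure: send every byte not yet known to be bad, diff the result,
# and repeat until a whole round comes back unmodified. Returns the bad
# characters in the order they were discovered.
def iterate_badchars(sink)
  known = []
  loop do
    probe = ALL_BYTES.bytes.reject { |b| known.include?(b) }.pack("C*")
    result = find_badchars(probe, sink.call(probe))
    return known if result[:bad].empty?
    known.concat(result[:bad])
  end
end

if __FILE__ == $0
  { "C string sink"        => method(:c_string_sink),
    "space-delimited sink" => method(:space_delimited_sink),
    "upcasing sink"        => method(:upcasing_sink) }.each do |name, sink|
    bad = iterate_badchars(sink)
    printf("%-22s bad chars: %s\n", name, bad.map { |b| format("\\x%02x", b) }.join)
  end
end
```

The resulting list is what you would hand to an encoder as its bad-character set; a byte that is merely changed (the upper-casing case) shows up in one round, while a byte that truncates takes one extra round per truncating byte, which is why the loop keeps going until a round is clean.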
Current thread:
- Encoding Payloads Tommy Elliott (Nov 10)
- Re: Encoding Payloads Jeffs (Nov 10)
- Re: Encoding Payloads Tod Beardsley (Nov 10)
- Re: Encoding Payloads Joshua J. Drake (Nov 10)
- Re: Encoding Payloads Tommy Elliott (Nov 10)
- Re: Encoding Payloads Jeffs (Nov 10)