Metasploit mailing list archives

Re: Encoding Payloads


From: Tod Beardsley <todb () planb-security net>
Date: Wed, 10 Nov 2010 10:08:24 -0600

I'm not familiar with the book, but...

On Wed, Nov 10, 2010 at 9:44 AM, Jeffs <jeffs () speakeasy net> wrote:

> My first question is with the first sentence. When it is stated you pass a
> whole array of all possible characters that can be sent, how is it that you
> determine which ones were modified after the application has received them?

I assume the material is implying that you have control of the target
application and you can just hook it up to a debugger and see what
gets passed and what doesn't.

> My second question is, believe it or not!, with the second sentence. Is
> there some kind of master list or more expedited way of making an assumption
> about what characters certain applications most likely modify/avoid?

Again, depends on the application and function. The two classical
examples are avoiding \x00 when you're dealing with a function that
null terminates strings (C-like things), and avoiding spaces when
you're dealing with command arguments that are space-delimited (like
plaintext protocols like IMAP).
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

