Metasploit mailing list archives
Re: Finding Bad Characters?
From: John Nash <rootsecurityfreak () gmail com>
Date: Thu, 17 Feb 2011 22:43:30 +0530
Thanks Egypt! I will try both the ASCII Sled and Range Method and get back.

Would be great if we had some tool which could start the vulnerable program, send inputs to it, examine the memory and then just tell us the bad characters :)

JN

On Thu, Feb 17, 2011 at 10:30 PM, <egypt () metasploit com> wrote:
> Our wiki page on writing exploit modules has some useful stuff about badchars:
> https://www.metasploit.com/redmine/projects/framework/wiki/ExploitModuleDev#Illegal-Characters
>
> You might also want to look into using the byakugan plugin for windbg:
> https://www.metasploit.com/redmine/projects/framework/repository/show/external/source/byakugan
>
> Hope this helped,
> egypt
>
> On Thu, Feb 17, 2011 at 9:54 AM, John Nash <rootsecurityfreak () gmail com> wrote:
>> Thanks for the link! Yes, I have but at times it becomes very difficult to compare memory locations manually. Also, times when our input gets modified, it gets even more difficult to do this.
>>
>> Even if not automated, maybe a tool or a plugin for Immunity/Olly to make this easier?
>>
>> JN
>>
>> On Thu, Feb 17, 2011 at 10:11 PM, Craig Freyman <craigfreyman () gmail com> wrote:
>>> I don't have an automated way but have you seen this?
>>> http://en.wikibooks.org/wiki/Metasploit/WritingWindowsExploit#Dealing_with_badchars
>>>
>>> On Thu, Feb 17, 2011 at 9:35 AM, John Nash <rootsecurityfreak () gmail com> wrote:
>>>> Hello All,
>>>>
>>>> Just dived into exploit research and finding bad characters is killing me! Can someone point me to a good document / methodology / automated way to find bad characters?
>>>>
>>>> Any help will be greatly appreciated!
>>>>
>>>> Rgds,
>>>> JN
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework