Metasploit mailing list archives
msfpayload and msfencode problems
From: Vinnie.Liu at ey.com (Vinnie.Liu at ey.com)
Date: Wed, 20 Oct 2004 09:45:04 -0500
I ran into this problem myself a bit back and talked with HD about it, but he couldn't replicate the issue. I'm curious, are you running thru cygwin? If so, what version Windows? Service pack level?

Eventually, I fixed it by commenting out some lines (87-89 in my version) in msfencode to bypass the check and to re-insert certain characters (check line 112), and I think what's happening is somewhere in getopt() it's not reading in the input correctly and stealing the '\' character, so you have to reinsert it by modding the regexp in line 112.

I forget exactly what changes I had made, but I hope the above helps.

Vinnie Liu
---------------
Rudolph W. Giuliani Advanced Security Centers
Ernst & Young LLP
713.750.1280
vinnie.liu at ey.com
CCNA, CISSP

"sol seclists" <ramatkal at hotmail.com>
10/20/2004 09:51 AM
To <framework at metasploit.com>
cc
Subject [framework] msfpayload and msfencode problems

Having some problems with msfpayload and msfencode....

I'm trying to generate a win32 bind shell payload which has no '~' (\x7e) characters in it (as well as the usual \r\n). Below is the command I used:

msf > msfpayload win32_bind R | msfencode -t c -e ShikataGaNai -b "\x00\x0d\x0a\x7e"
[*] Bad character list format is "\x00\x01\x02"

I then had a bit of a play with the -b flag, but still no luck.

msf > msfpayload win32_bind R | msfencode -t c -e ShikataGaNai -b "\x00"
[*] Bad character list format is "\x00\x01\x02"
msf > msfpayload win32_bind R | msfencode -t c -e ShikataGaNai -b \x00
[*] Bad character list format is "\x00\x01\x02"
msf > msfpayload win32_bind R | msfencode -t c -e ShikataGaNai -b '\x00'
[*] Bad character list format is "\x00\x01\x02"
msf > msfpayload win32_bind R | msfencode -t c -e ShikataGaNai -b "\x00\x01\x02"
[*] Bad character list format is "\x00\x01\x02"
msf >

If I leave off the -b flag, it generates the payload correctly. Anyone got any ideas?
Thanks,
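
Added example, not part of the original posts and not msfencode's own code: a POSIX shell check of what each quoting style from the session above actually delivers to a program, which helps separate backslashes lost in the shell from backslashes lost later (the getopt() suspicion above). The function names and the \xNN pattern, taken from the format the error message quotes, are assumptions.

```shell
#!/bin/sh
# Added example (not msfencode's code). The accepted pattern is an assumption
# based on the format quoted in the error message: one or more \xNN pairs.

# classify_badchars ARG
# Prints one of:
#   ok        ARG is a well-formed \xNN list
#   stripped  same hex digits, but every backslash is gone
#   invalid   anything else (including an empty argument)
classify_badchars() {
    arg=$1
    # printf '%s' never interprets backslashes in its argument, so grep sees
    # exactly the bytes the caller received.
    if printf '%s\n' "$arg" | grep -Eq '^(\\x[0-9A-Fa-f]{2})+$'; then
        echo ok
    elif printf '%s\n' "$arg" | grep -Eq '^(x[0-9A-Fa-f]{2})+$'; then
        echo stripped
    else
        echo invalid
    fi
}

# show_arg LABEL ARG: print what arrived and how it classifies.
show_arg() {
    printf '%-14s received [%s] -> %s\n' "$1" "$2" "$(classify_badchars "$2")"
}

# The three quoting styles tried in the session above.
show_arg 'double-quoted' "\x00\x0d\x0a\x7e"
show_arg 'single-quoted' '\x00\x0d\x0a\x7e'
show_arg 'unquoted'      \x00\x0d\x0a\x7e
```

In a POSIX shell both quoted forms report ok and only the unquoted one reports stripped, so a quoted argument that is still rejected lost its backslashes after the shell handed it over.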