Metasploit mailing list archives

msfpayload and msfencode problems


From: Vinnie.Liu at ey.com (Vinnie.Liu at ey.com)
Date: Wed, 20 Oct 2004 09:45:04 -0500

I ran into this problem myself a bit back and talked with HD about it, but 
he couldn't replicate the issue. I'm curious, are you running through Cygwin? 
If so, what version of Windows? Service pack level?

Eventually, I fixed it by commenting out some lines (87-89 in my version) 
in msfencode to bypass the check and to re-insert certain characters 
(check line 112), and I think what's happening is somewhere in getopt() 
it's not reading in the input correctly and stealing the '\' character, so 
you have to reinsert it by modding the regexp in line 112.

I forget exactly what changes I had made, but I hope the above helps.


Vinnie Liu
---------------
Rudolph W. Giuliani Advanced Security Centers
Ernst & Young LLP
713.750.1280
vinnie.liu at ey.com
CCNA, CISSP




"sol seclists" <ramatkal at hotmail.com>
10/20/2004 09:51 AM

To: <framework at metasploit.com>
cc:
Subject: [framework] msfpayload and msfencode problems

Having some problems with msfpayload and msfencode....
 
I'm trying to generate a win32 bind shell payload which has no '~' (\x7e) 
characters in it (as well as the usual \r\n). Below is the command I used:
 
msf > msfpayload win32_bind R | msfencode -t c -e ShikataGaNai -b "\x00\x0d\x0a\x7e"
[*] Bad character list format is "\x00\x01\x02"

I then had a bit of a play with the -b flag, but still no luck. 
 
msf > msfpayload win32_bind R | msfencode -t c -e ShikataGaNai -b "\x00"
[*] Bad character list format is "\x00\x01\x02"
msf > msfpayload win32_bind R | msfencode -t c -e ShikataGaNai -b \x00
[*] Bad character list format is "\x00\x01\x02"
msf > msfpayload win32_bind R | msfencode -t c -e ShikataGaNai -b '\x00'
[*] Bad character list format is "\x00\x01\x02"
msf > msfpayload win32_bind R | msfencode -t c -e ShikataGaNai -b "\x00\x01\x02"
[*] Bad character list format is "\x00\x01\x02"
msf >
 
If I leave off the -b flag, it generates the payload correctly. Anyone got 
any ideas?
 
Thanks,
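The two messages above disagree over whether the `-b` argument ever reaches msfencode in the documented `"\x00\x01\x02"` form, and Vinnie's theory is that the backslashes are being stripped before the regexp on line 112 sees them. The following is an added example, not code from the thread and not msfencode's own parser: a small Python bad-character list parser that accepts the documented `\x00\x0d\x0a\x7e` form and, as an assumption about the symptom, also the backslash-less `x00x0dx0ax7e` that would arrive if a shell or getopt ate the `\`. It then checks a buffer for any of those bytes, which is the property a `-b` run is meant to guarantee and the check a user would want before trusting the output. The sample buffer is constructed, not real msfpayload output.

```python
import re

# Accepts "\x00\x0d\x0a\x7e" (the format msfencode documents) and, more
# leniently, "x00x0dx0ax7e" as it would look after the backslashes were
# stripped by a shell or by getopt.  Surrounding quotes are tolerated.
_SPEC_RE = re.compile(r'^(?:\\?x[0-9a-fA-F]{2})+$')
_BYTE_RE = re.compile(r'\\?x([0-9a-fA-F]{2})')


def is_valid_badchar_spec(spec: str) -> bool:
    """Return True if spec is a well-formed bad-character list."""
    return bool(_SPEC_RE.match(spec.strip().strip('"\'')))


def parse_badchars(spec: str) -> bytes:
    """Turn a bad-character list into the forbidden byte values.

    Hypothetical helper, not msfencode's parser.  Raises ValueError with
    the same message the thread reports when the format is not recognised.
    """
    cleaned = spec.strip().strip('"\'')
    if not _SPEC_RE.match(cleaned):
        raise ValueError('Bad character list format is "\\x00\\x01\\x02"')
    # Deduplicate while preserving order so reports are stable.
    seen = []
    for hexpair in _BYTE_RE.findall(cleaned):
        value = int(hexpair, 16)
        if value not in seen:
            seen.append(value)
    return bytes(seen)


def find_badchars(payload: bytes, bad: bytes):
    """List every (offset, byte) in payload whose byte is forbidden.

    An empty list means the buffer is clean with respect to the -b list.
    """
    forbidden = set(bad)
    return [(i, b) for i, b in enumerate(payload) if b in forbidden]


if __name__ == "__main__":
    # Constructed sample buffer, deliberately containing three bad bytes.
    sample = b"\x31\xc9\x7e\x00\x41\x0d\x42"
    bad = parse_badchars('"\\x00\\x0d\\x0a\\x7e"')
    hits = find_badchars(sample, bad)
    if not hits:
        print("buffer is clean")
    for offset, value in hits:
        print(f"offset {offset}: bad byte 0x{value:02x}")
```

Running the script reports offsets 2, 3 and 5 of the sample as bad bytes (0x7e, 0x00, 0x0d). Passing a buffer produced with `-b` through `find_badchars` is a cheap way to confirm the encoder honoured the list, independent of whether the option parser accepted the argument as typed.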


