Metasploit mailing list archives

msfpayload and msfencode problems


From: ramatkal at hotmail.com (RaMatkal)
Date: Thu, 21 Oct 2004 10:18:34 +0200

yeah that was running through cygwin, windows 2000 SP4.

Thanks everyone for all the help/advice. I'll have a play with it on my FC2 box rather than start hacking around with
the source.

  ----- Original Message ----- 
  From: Vinnie.Liu at ey.com 
  To: framework at metasploit.com 
  Sent: Wednesday, October 20, 2004 4:45 PM
  Subject: Re: [framework] msfpayload and msfencode problems



  I ran into this problem myself a bit back and talked with HD about it, but he couldn't replicate the issue. I'm 
curious, are you running through cygwin? If so, what version of Windows? Service pack level? 

  Eventually, I fixed it by commenting out some lines (87-89 in my version) in msfencode to bypass the check and to 
re-insert certain characters (check line 112), and I think what's happening is somewhere in getopt() it's not reading in 
the input correctly and stealing the '\' character, so you have to reinsert it by modding the regexp in line 112. 

  I forget exactly what changes I had made, but I hope the above helps. 


  Vinnie Liu
  ---------------
  Rudolph W. Giuliani Advanced Security Centers
  Ernst & Young LLP
  713.750.1280
  vinnie.liu at ey.com
  CCNA, CISSP



        "sol seclists" <ramatkal at hotmail.com> 
        10/20/2004 09:51 AM 
        To: <framework at metasploit.com> 
        cc: 
        Subject: [framework] msfpayload and msfencode problems 

  Having some problems with msfpayload and msfencode.... 
    
  I'm trying to generate a win32 bind shell payload which has no '~' (\x7e) characters in it (as well as the usual 
\r\n). Below is the command I used: 
    
  msf > msfpayload win32_bind R | msfencode -t c -e ShikataGaNai -b "\x00\x0d\x0a\x7e"
  [*] Bad character list format is "\x00\x01\x02" 
  I then had a bit of a play with the -b flag, but still no luck. 
    
  msf > msfpayload win32_bind R | msfencode -t c -e ShikataGaNai -b "\x00"
  [*] Bad character list format is "\x00\x01\x02"
  msf > msfpayload win32_bind R | msfencode -t c -e ShikataGaNai -b \x00
  [*] Bad character list format is "\x00\x01\x02"
  msf > msfpayload win32_bind R | msfencode -t c -e ShikataGaNai -b '\x00'
  [*] Bad character list format is "\x00\x01\x02"
  msf > msfpayload win32_bind R | msfencode -t c -e ShikataGaNai -b "\x00\x01\x02"
  [*] Bad character list format is "\x00\x01\x02"
  msf > 
    
  If I leave off the -b flag, it generates the payload correctly. Anyone got any ideas? 
    
  Thanks, 
  ________________________________________________________________________
  The information contained in this message may be privileged and confidential and protected from disclosure. If the 
reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message 
to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this 
communication is strictly prohibited. If you have received this communication in error, please notify us immediately by 
replying to the message and deleting it from your computer. 

  Notice required by law: This e-mail may constitute an advertisement or solicitation under U.S. law, if its primary 
purpose is to advertise or promote a commercial product or service. You may choose not to receive advertising and 
promotional messages from Ernst & Young LLP (except for Ernst & Young Online and the ey.com website, which track e-mail 
preferences through a separate process) at this e-mail address by forwarding this message to no-more-mail at ey.com. If 
you do so, the sender of this message will be notified promptly. Our principal postal address is 5 Times Square, New 
York, NY 10036. Thank you. Ernst & Young LLP
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20041021/3b13ccb4/attachment.htm>
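Added example, not code from the original thread and not msfencode's own source: a small Ruby version of the check the thread is arguing about. `parse_badchars` accepts only the documented `"\x00\x01\x02"` form and raises the same style of error when the backslashes are missing (which is what msfencode's message suggests the option parser handed it); `find_badchars` then scans a payload for the listed bytes so you can confirm an encoded result is actually clean. The function names and the sample payload bytes are assumptions made for illustration.

```ruby
# Added example for this page: parse a bad-character list in the
# "\x00\x01\x02" form that msfencode -b expects, and scan a payload
# for those bytes. Illustrative code, not msfencode's own source.

# Returns an Array of Integer byte values, or raises ArgumentError when the
# string is not a run of \xNN escapes (for example when the backslashes were
# stripped before the option reached the program).
def parse_badchars(spec)
  unless spec =~ /\A(\\x[0-9a-fA-F]{2})+\z/
    raise ArgumentError, 'Bad character list format is "\x00\x01\x02"'
  end
  spec.scan(/\\x([0-9a-fA-F]{2})/).flatten.map { |h| h.to_i(16) }
end

# Returns [offset, byte] pairs for every byte of payload that is in badchars.
# An empty result means the payload is clean with respect to that list.
def find_badchars(payload, badchars)
  bad = badchars.to_a
  hits = []
  payload.each_byte.with_index { |b, i| hits << [i, b] if bad.include?(b) }
  hits
end

# Constructed sample payload (not real shellcode): contains 0x0d, 0x0a and 0x7e.
SAMPLE = "\x31\xc0\x0d\x0a\x7e\x90".b

if __FILE__ == $0
  bad = parse_badchars("\\x00\\x0d\\x0a\\x7e")   # the list from the thread
  p find_badchars(SAMPLE, bad)                    # offsets 2, 3, 4 are bad
  begin
    parse_badchars("x00x0dx0a")                   # what a stripped-backslash argv looks like
  rescue ArgumentError => e
    puts e.message
  end
end
```

Running it with the well-formed list reports the three offending offsets in the constructed payload; feeding it the list with the backslashes removed reproduces the format error, which is the quickest way to tell a shell or getopt quoting problem from an encoder problem.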