Metasploit mailing list archives
Localization?
From: hdm at metasploit.com (H D Moore)
Date: Wed, 4 Oct 2006 18:40:07 -0500
On Wednesday 04 October 2006 18:24, takuan4 at gmail.com wrote:
> I just have one issue in that I'm doing penetration testing in Japan and when I get a shell or meterpreter, etc., all of the Japanese characters come out garbled.
> 1. Do you know of any way to get different encodings across sessions to work?

Nope, this seems like a "hard" problem because there is no way to determine what encoding the target uses without just scanning the bytes and taking a guess. My only suggestion would be to use non-command-shell payloads (Meterpreter) and try to avoid the encoding issues completely. While we could add a filter to the command shell session handler to detect and decode non-ASCII characters, translating user input into valid encodings on the remote end may be more difficult.

> 2. Is there a way to not use the default MSF nc listener for, say, reverse shells and use my own instead (hopefully I can find one that supports EUC)?

Not in 3.0. Under 2.x, we supported an external payload handler (set NinjaDontKill maybe? Check for the SocketNinja documentation), but 3.0 has no similar feature. The reason is that although the "standard" command shell payloads don't require anything fancy, all of the stager/staging systems depend on the framework having control of the socket. For some exploits, the framework will stop trying to exploit the target only after it has recognized a created session. Something that may work under 3.0 is to create a plugin that hooks the on_session_created() event and write code to proxy input and output to an external application.

-HD
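The "scanning the bytes and taking a guess" idea from the reply above, as an added Ruby example (not code from the post or from the Metasploit source). The names `guess_and_decode` and `CANDIDATES` are hypothetical, the candidate list assumes a Japanese-locale host, and the sample bytes are constructed.

```ruby
# Candidate encodings, strictest first. UTF-8 and EUC-JP reject most foreign
# byte runs; Windows-31J (CP932, the Japanese Windows code page) accepts far
# more byte sequences, so it is tried last.
CANDIDATES = [Encoding::UTF_8, Encoding::EUC_JP, Encoding::Windows_31J].freeze

# Guess the encoding of raw session output and transcode it to UTF-8.
# Returns [utf8_text, encoding_name]; encoding_name is nil when no candidate
# validates and the high bytes had to be replaced with "?".
def guess_and_decode(raw, candidates = CANDIDATES)
  bytes = raw.dup.force_encoding(Encoding::BINARY)
  # Pure ASCII is identical in every candidate, so there is nothing to guess.
  return [bytes.force_encoding(Encoding::UTF_8), "US-ASCII"] if bytes.ascii_only?

  candidates.each do |enc|
    trial = bytes.dup.force_encoding(enc)
    next unless trial.valid_encoding?      # structural check on the byte runs
    begin
      return [trial.encode(Encoding::UTF_8), enc.name]
    rescue EncodingError
      next                                 # well-formed but unmapped code point
    end
  end
  [bytes.encode(Encoding::UTF_8, invalid: :replace, undef: :replace, replace: "?"), nil]
end

# Constructed samples: the same three kanji in each encoding, plus two
# half-width katakana whose Windows-31J bytes are also well-formed EUC-JP.
JP       = "\u65E5\u672C\u8A9E"
KATAKANA = "\uFF71\uFF72"
SAMPLES = {
  "utf8"     => JP.b,
  "eucjp"    => JP.encode(Encoding::EUC_JP).b,
  "cp932"    => JP.encode(Encoding::Windows_31J).b,
  "katakana" => KATAKANA.encode(Encoding::Windows_31J).b
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |label, bytes|
    text, enc = guess_and_decode(bytes)
    puts format("%-9s guessed=%-12s text=%s", label, enc.inspect, text)
  end
end
```

The `katakana` sample is the failure mode the reply warns about: its bytes validate as EUC-JP before Windows-31J is tried, so the guess is wrong and the decoded text is not what the host printed.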