Metasploit mailing list archives

DCE/RPC in Metasploit


From: rhyskidd at gmail.com (Rhys Kidd)
Date: Tue, 19 Dec 2006 01:47:46 +0900

On 12/19/06, Krpata, Tyler <tkrpata at bjs.com> wrote:

Actually never mind that, it turns out I can just send
NDR.wstring("\x00") instead of including a string.

Just a suggestion, but IMHO if IDS evasion is the name of the game, then an
empty NULL-terminated string where UNC paths are normally expected would be
more 'abnormal' than something like:

NDR.wstring("\\"+Rex::Text.rand_text_alphanumeric(rand(10)))

... which more closely matches the traffic produced by a typical legitimate
request.

- Rhys
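An added example illustrating the two string forms discussed above, written for this archive page and not taken from the thread or from Rex::Proto::DCERPC::NDR: it encodes a wide string in the conformant-varying layout that NDR.wstring emits, decodes it again, and applies the detector-side check Rhys implies (an argument that decodes to nothing where a path belongs is the odd one). The wire layout is assumed here (max count, offset, actual count as little-endian uint32, then UTF-16LE characters including the terminator, padded to 4 bytes), and the sample strings are constructed.

```ruby
# Added example: minimal NDR conformant-varying wide string codec plus a
# detector-side check for the "empty string where a UNC path belongs" case.
# Layout assumed: max_count, offset, actual_count (little-endian uint32),
# then UTF-16LE characters including the NUL terminator, padded to 4 bytes.
# This is not Rex::Proto::DCERPC::NDR; it only mirrors what NDR.wstring emits.

def ndr_wstring(str)
  chars = str + "\x00"                              # terminator is counted
  n = chars.length
  body = chars.encode('UTF-16LE').b
  body << ("\x00" * ((4 - body.bytesize % 4) % 4))  # align to 4 bytes
  [n, 0, n].pack('VVV') + body
end

# Returns the decoded string with the terminator removed; raises on a
# malformed header so a parser cannot be walked past the buffer.
def parse_ndr_wstring(buf)
  max_count, offset, actual = buf.byteslice(0, 12).unpack('VVV')
  raise 'bad NDR string header' if offset != 0 || actual > max_count
  raise 'truncated NDR string' if buf.bytesize < 12 + actual * 2
  data = buf.byteslice(12, actual * 2).force_encoding('UTF-16LE')
  data.encode('UTF-8', invalid: :replace).chomp("\x00")
end

# Defender-side heuristic from the thread: a path argument that decodes to
# nothing (or to NULs only) is not what a legitimate client sends.
def unc_path_anomaly?(buf)
  parse_ndr_wstring(buf).delete("\x00").empty?
end

# Constructed samples of the two forms discussed in the thread. Note that in
# Ruby "\\" is a single backslash, so the second form decodes to "\abc".
SAMPLES = {
  'empty'     => ndr_wstring("\x00"),
  'path_like' => ndr_wstring("\\" + 'abc'),
}.freeze

# Maps each sample name to whether the check flags it.
def classify_samples
  SAMPLES.transform_values { |buf| unc_path_anomaly?(buf) }
end

puts classify_samples.inspect
```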
