Metasploit mailing list archives

Using encoders directly

From: tkrpata at bjs.com (Krpata, Tyler)
Date: Wed, 27 Dec 2006 15:09:33 -0500

Sorry, didn't realize I hadn't included the message. The message I get
without messing with the encoder file at all is:
        Exploit failed: wrong number of arguments (1 for 2)

In generic.rb under lib/rex/encoder/alpha2, the Generic.encode method
calls encode_byte with one argument, where it expects a second
"badchars" argument. 

If I change the call in the encode method to:
        encoded += encode_byte(block, "")
I get the message:
        Exploit failed: Negative
Which seems to be an exception raised by the encode_byte method. The
"second" value looks like it is derived from the gen_second method in
unicode_mixed.rb. 

If I try to use the AlphaMixed encoder instead of the UnicodeMixed
encoder after I have made that change in the Generic.encode method, it
seems to work ok, though I haven't verified that the payload was
actually encoded properly.

-----Original Message-----
From: mmiller at hick.org [mailto:mmiller at hick.org]
Sent: Wednesday, December 27, 2006 2:25 PM
To: framework at metasploit.com
Subject: Re: [framework] Using encoders directly

On Thu, Dec 21, 2006 at 11:19:56AM -0500, Krpata, Tyler wrote:

I think this question got lost in my last post, so I thought I'd

start a

new thread about it.

Should I be able to use the encoders in Metasploit directly? What

I'd

like to do is use the Alpha2 encoder something like:
payload =

Rex::Encoder::Alpha2::UnicodeMixed.encode(shellcode,"EBX",0)


The "shellcode" argument in this case is actually the code retrieved
from the "egghunter" class.


Apologies for the late reply, I've been out of town.

Right now the API that's exposed to encode arbitrary (non-payload)
buffers isn't very easy to use.  It'd be better if we added a method

to

the EncodedPayload class that would allow you to specify a buffer
rather than a payload instance.  With that said, your use of the

encode

method looks correct.  Can you include the actual exception message
that's displayed (aside from just the call stack)?  That might help
narrow down a bit more what's going on.

Current thread:

Using encoders directly Krpata, Tyler (Dec 21)
- Using encoders directly mmiller at hick.org (Dec 27)
- <Possible follow-ups>
- Using encoders directly Krpata, Tyler (Dec 27)
  - Using encoders directly mmiller at hick.org (Dec 27)