Metasploit mailing list archives
Forcing a specific encoder
From: alok.menghrajani at ilionsecurity.ch (Alok Menghrajani)
Date: Tue, 17 Oct 2006 10:36:14 +0200
Hi all,

I would like to force a specific encoder. Currently the framework is always choosing encoder/x86/shikata_ga_nai, but I have the feeling there is a bug in this encoder (or probably in my code, that's why I want to play around with different encoders before I start blaming other people's code for my bugs :).

I read the mailing list archive, and it seems ver 2.0 did not let an exploit specify the encoder on its own. But when I looked at the source code of the ver 3.0, it seems there is some kind of way to specify a preferred encoder...

So I added some debug stuff to the encode method in the file /lib/msf/core/encoded_payload.rb (L106-L112):

    # If the caller had a preferred encoder, try to find it and
    # prefix it
    print "HERE1"
    if ((reqs['Encoder']) and (preferred = framework.encoders[reqs['Encoder']]))
      print "HERE2"
      encoders.unshift([reqs['Encoder'], preferred ])
    elsif (reqs['Encoder'])
      print "HERE3"
      wlog("#{pinst.refname}: Failed to find preferred encoder #{reqs['Encoder']}")
    end

And it seems, no matter what I do, I can't get to fill reqs['Encoder'] (HERE2 and HERE3 never get displayed).

Could someone please explain why in /lib/msf/core/exploit.rb (L468), the reqs['Encoder'] is not assigned a value the same way as the other parameters (such as BadChars)?

I tried adding

    'Encoder' => '/x86/countdown'

and

    'Payload' => { 'Encoder' => '/x86/countdown' }

to my exploit, but the reqs['Encoder'] never seems to get assigned.

Thanks,
Alok.