Metasploit mailing list archives
Forcing a specific encoder
From: mmiller at hick.org (mmiller at hick.org)
Date: Tue, 17 Oct 2006 07:58:55 -0500
On Tue, Oct 17, 2006 at 10:36:14AM +0200, Alok Menghrajani wrote:
And it seems, no matter what I do, I can't get to fill reqs['Encoder'] (HERE2 and HERE3 never get displayed). Could someone please explain why in /lib/msf/core/exploit.rb (L468), the reqs['Encoder'] is not assigned a value the same way as the other parameters (such as BadChars)? I tried adding 'Encoder' => '/x86/countdown' and 'Payload' => { 'Encoder' => '/x86/countdown' } to my exploit, but the reqs['Encoder'] never seems to get assigned.
While not directly related to your question (which Pranay Kanwar answered), there is another way that you can indirectly control which encoder is selected. Technically, we would prefer that exploits stay away from specifying a static encoder in their meta information. Non-static encoders make them less static and more likely to be able to grow if we add or improve existing encoders. However, in some cases, it is necessary for exploits to restrict the type of encoder that is used to one that will meet a certain set of character requirements.

For example, the following 'types' of encoders can be specified in an exploit to limit the set of possible encoders that the framework will attempt to use when building a payload for the exploit:

    module Type
      # 'A' - 'Z', '0' - '9'
      AlphanumUpper = "alpha_upper"
      # 'a' - 'z', 'A' - 'Z', '0' - '9'
      AlphanumMixed = "alpha_mixed"
      # Unicode-safe 'A' - 'Z', '0' - '9'
      AlphanumUnicodeUpper = "alpha_unicode_upper"
      # Unicode-safe 'a' - 'z', 'A' - 'Z', '0' - '9'
      AlphanumUnicodeMixed = "alpha_unicode_mixed"
      # toupper/tolower safe ascii - not 'a' - 'z', 'A' - 'Z'
      NonAlpha = "non_alpha"
      # tolower safe ascii - not 'A' - 'Z' (more flexible than nonalpha)
      NonUpper = "non_upper"
      # tolower safe ascii UTF8-safe (<= 0x7f only)
      NonUpperUtf8Safe = "non_upper_utf8_safe"
      # All characters
      Raw = "raw"
    end

This probably isn't applicable to your exploit, but I'm mainly posting it for future reference. To see an example of specifying an encoder type, check out the following exploit:

    exploits/windows/browser/mcafee_mcsubmgr_vsprintf.rb
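
The character classes listed in the message above, written out as byte checks for testing which classes a given buffer satisfies. This is an added example, not part of the original post and not Metasploit code: the type strings come from the post, while `CLASSES`, `violations`, `matching_types` and `survives?` are hypothetical names, and letting `non_alpha` and `non_upper` include bytes above 0x7f is an assumption.

```ruby
# Added example: the type strings are from the post; the predicates are this
# example's reading of the post's comments (assumption), not framework code.
UPPER = (0x41..0x5a) # 'A'-'Z'
LOWER = (0x61..0x7a) # 'a'-'z'
DIGIT = (0x30..0x39) # '0'-'9'
ALNUM_UPPER = ->(b) { UPPER.cover?(b) || DIGIT.cover?(b) }
ALNUM_MIXED = ->(b) { ALNUM_UPPER.call(b) || LOWER.cover?(b) }

CLASSES = {
  'alpha_upper'         => ALNUM_UPPER,
  'alpha_mixed'         => ALNUM_MIXED,
  'alpha_unicode_upper' => ALNUM_UPPER, # same alphabet per the post's comment
  'alpha_unicode_mixed' => ALNUM_MIXED,
  # Assumption: only the utf8_safe class is capped at 0x7f.
  'non_alpha'           => ->(b) { !UPPER.cover?(b) && !LOWER.cover?(b) },
  'non_upper'           => ->(b) { !UPPER.cover?(b) },
  'non_upper_utf8_safe' => ->(b) { !UPPER.cover?(b) && b <= 0x7f },
  'raw'                 => ->(_b) { true }
}.freeze

# [offset, byte] for every byte that falls outside the named class.
def violations(data, type)
  allowed = CLASSES.fetch(type)
  data.bytes.each_with_index.reject { |b, _i| allowed.call(b) }
      .map { |b, i| [i, b] }
end

# Every class the whole buffer satisfies, in the order the post lists them.
def matching_types(data)
  CLASSES.keys.select { |type| violations(data, type).empty? }
end

# True if an ASCII case fold (:tolower or :toupper) leaves the buffer unchanged,
# which is the property the "tolower safe" comments describe.
def survives?(data, fold)
  from, delta = { tolower: [UPPER, 0x20], toupper: [LOWER, -0x20] }.fetch(fold)
  data.bytes.map { |b| from.cover?(b) ? b + delta : b } == data.bytes
end

# Constructed sample: a buffer with two high bytes and lowercase letters.
if __FILE__ == $PROGRAM_NAME
  sample = "\x90\x90abc".b
  puts matching_types(sample).inspect
  puts survives?(sample, :tolower)
end
```
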
Current thread:
- Forcing a specific encoder Alok Menghrajani (Oct 17)
- Forcing a specific encoder Pranay Kanwar (Oct 17)
- Forcing a specific encoder mmiller at hick.org (Oct 17)