Metasploit mailing list archives

Forcing a specific encoder


From: mmiller at hick.org (mmiller at hick.org)
Date: Tue, 17 Oct 2006 07:58:55 -0500

On Tue, Oct 17, 2006 at 10:36:14AM +0200, Alok Menghrajani wrote:
> And it seems, no matter what I do, I can't get to fill reqs['Encoder']
> (HERE2 and HERE3 never get displayed).
>
> Could someone please explain why in /lib/msf/core/exploit.rb (L468), the
> reqs['Encoder'] is not assigned a value the same way as the other
> parameters (such as BadChars)?
>
> I tried adding 'Encoder' => '/x86/countdown' and 'Payload' => {
> 'Encoder' => '/x86/countdown' } to my exploit, but the reqs['Encoder']
> never seems to get assigned.

While not directly related to your question (which Pranay Kanwar
answered), there is another way that you can indirectly control which
encoder is selected.  Technically, we would prefer that exploits stay
away from specifying a static encoder in their meta information.  Non-static
encoders make them less static and more likely to be able to grow if we add or
improve existing encoders.  However, in some cases, it is necessary for
exploits to restrict the type of encoder that is used to one that will meet a
certain set of character requirements. For example, the following 'types' of
encoders can be specified in an exploit to limit the set of possible encoders
that the framework will attempt to use when building a payload for the exploit:

   module Type
      # 'A' - 'Z', '0' - '9'
      AlphanumUpper        = "alpha_upper"
      # 'a' - 'z', 'A' - 'Z', '0' - '9'
      AlphanumMixed        = "alpha_mixed"
      # Unicode-safe 'A' - 'Z', '0' - '9'
      AlphanumUnicodeUpper = "alpha_unicode_upper"
      # Unicode-safe 'a' - 'z', 'A' - 'Z', '0' - '9'
      AlphanumUnicodeMixed = "alpha_unicode_mixed"
      # toupper/tolower safe ascii - not 'a' - 'z', 'A' - 'Z'
      NonAlpha             = "non_alpha"
      # tolower safe ascii - not 'A' - 'Z' (more flexible than nonalpha)
      NonUpper             = "non_upper"
      # tolower safe ascii UTF8-safe (<= 0x7f only)
      NonUpperUtf8Safe     = "non_upper_utf8_safe"
      # All characters
      Raw                  = "raw"
   end

This probably isn't applicable to your exploit, but I'm mainly posting it
for future reference.  To see an example of specifying an encoder type,
check out the following exploit:

exploits/windows/browser/mcafee_mcsubmgr_vsprintf.rb
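
The character classes named in the comments of the Type module above, written out as byte predicates so that the effect of an input filter (alphanumeric-only validation, tolower) can be checked against each type. This is an added example, not code from the post or from Metasploit: `TYPE_PREDICATES`, `conforming_types`, `violations` and `tolower_safe?` are hypothetical names, the sample strings are constructed, and the two Unicode variants are left out because the post does not define "Unicode-safe".

```ruby
# Added illustration; every name in this block is hypothetical.
UPPER = (0x41..0x5a) # 'A' - 'Z'
LOWER = (0x61..0x7a) # 'a' - 'z'
DIGIT = (0x30..0x39) # '0' - '9'

# Type string => predicate over a single byte, following the comments in the
# Type module quoted in the post.
TYPE_PREDICATES = {
  "alpha_upper"         => ->(b) { UPPER.cover?(b) || DIGIT.cover?(b) },
  "alpha_mixed"         => ->(b) { UPPER.cover?(b) || LOWER.cover?(b) || DIGIT.cover?(b) },
  "non_alpha"           => ->(b) { !UPPER.cover?(b) && !LOWER.cover?(b) },
  "non_upper"           => ->(b) { !UPPER.cover?(b) },
  "non_upper_utf8_safe" => ->(b) { b <= 0x7f && !UPPER.cover?(b) },
  "raw"                 => ->(_b) { true }
}.freeze

# Names of all types whose character class contains every byte of +data+.
def conforming_types(data)
  bytes = data.b.bytes
  TYPE_PREDICATES.select { |_name, ok| bytes.all? { |b| ok.call(b) } }.keys
end

# [offset, byte] pairs in +data+ that fall outside the class for +type+.
def violations(data, type)
  ok = TYPE_PREDICATES.fetch(type)
  data.b.bytes.each_with_index.reject { |b, _i| ok.call(b) }.map { |b, i| [i, b] }
end

# True when an ASCII tolower pass leaves +data+ byte-for-byte unchanged,
# which is the property the "tolower safe" comments refer to.
def tolower_safe?(data)
  raw = data.b
  raw.tr("A-Z", "a-z") == raw
end

# Constructed sample inputs.
SAMPLES = ["SESSION42", "user=guest&id=7", "\x90\x90\xcc"].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |s|
    puts "#{s.b.inspect}: #{conforming_types(s).join(', ')} (tolower safe: #{tolower_safe?(s)})"
  end
end
```
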


