Metasploit mailing list archives
Attention: Windows and msfweb users
From: hdm at metasploit.com (H D Moore)
Date: Mon, 2 Apr 2007 23:28:16 -0500
A serious bug was fixed in the msfweb interface (the default interface on the Windows platform). Please use the 'Online Update' menu item or the 'svn update' command to obtain the latest patches. The bug was caused by Rails. Specifically, the version of Rails used by the msfweb interface. This version of Rails changes the $KCODE global variable to "u", which forces all strings to be treated as unicode. This is a major problem when it comes to any form of binary string manipulation (ie. shellcode, random text strings, encoders, etc). The solution was to overload the Rails::Initializer class with a new initialize_encoding() method that forces Ruby to stick with plain old ascii strings. This seems to solve the problem and I was able to test out the new ANI exploits from my Windows install of Metasploit. This is the reason why exploits would randomly fail on Windows (and msfweb), but work perfectly from the command line on Unix systems. If anyone runs into problem using the ANI exploits from the Windows platform, please let me know ASAP. -HD
Current thread:
- Attention: Windows and msfweb users H D Moore (Apr 02)
- Attention: Windows and msfweb users Charles Hamby (Apr 03)
- Attention: Windows and msfweb users H D Moore (Apr 03)
- Attention: Windows and msfweb users Charles Hamby (Apr 03)
- Attention: Windows and msfweb users H D Moore (Apr 03)
- Attention: Windows and msfweb users Charles Hamby (Apr 03)