Metasploit mailing list archives

Bad Characters Filtering


From: j_fast_and_the_furious at hotmail.com (scotty to hotty)
Date: Sat, 22 Sep 2007 01:51:17 +0000


What I normally do is the following. When I send a payload, I make sure the program I'm attacking is opened in OllyDbg 
(any debugger will do) and I send the exploit with the payload. If the program is filtering any input, it'll trip the 
debugger and you'll know that the shellcode is being altered in memory. If you follow ESP's location in the dump, you'll see 
at the bottom left-hand corner a window which will contain all of the exploit, including the shellcode. Just go byte by byte, 
making sure that each byte in memory is the same as the one you sent in the exploit. If you see at some point a byte is 
changed, then it means that the character changed is being filtered and you will add that to your bad characters list. 
You will keep repeating this step until the debugger no longer trips. And voila, you'll see it works like a charm 
every time.

And while I'm here, does anyone know how to create your own thread? I'm new to this mailing list.
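
The byte-by-byte comparison described in the message above, as an added example that is not part of the original post: `first_altered` diffs the buffer that was sent against the bytes copied out of the debugger's dump, and `find_filtered_bytes` repeats the step until nothing differs. `constructed_filter` is a hypothetical stand-in for the program under test, and all function names and sample data here are assumptions.

```python
from typing import Callable, List, Optional, Tuple


def first_altered(sent: bytes, observed: bytes) -> Optional[Tuple[int, int, Optional[int]]]:
    """Return (offset, sent_byte, observed_byte) at the first difference.

    observed_byte is None when the copy in memory ends early (truncation).
    Returns None when every sent byte arrived unchanged.
    """
    for offset, sent_byte in enumerate(sent):
        if offset >= len(observed):
            return (offset, sent_byte, None)
        if observed[offset] != sent_byte:
            return (offset, sent_byte, observed[offset])
    return None


def find_filtered_bytes(sent: bytes, roundtrip: Callable[[bytes], bytes]) -> List[int]:
    """Repeat the compare step, removing each altered byte, until nothing differs."""
    bad: List[int] = []
    while True:
        candidate = bytes(b for b in sent if b not in bad)
        diff = first_altered(candidate, roundtrip(candidate))
        if diff is None:
            return bad
        # The sent byte at the first mismatch is the one that was altered,
        # whether it was replaced, dropped, or ended the copy.
        bad.append(diff[1])


def constructed_filter(data: bytes) -> bytes:
    """Constructed stand-in for the program's input handling (an assumption):
    stops copying at NUL, drops CR, rewrites '/' (0x2f) to '\\' (0x5c)."""
    out = bytearray()
    for b in data:
        if b == 0x00:
            break
        if b == 0x0D:
            continue
        out.append(0x5C if b == 0x2F else b)
    return bytes(out)


if __name__ == "__main__":
    sample = bytes(range(256))  # constructed sample buffer
    found = find_filtered_bytes(sample, constructed_filter)
    print("altered bytes:", " ".join(f"0x{b:02x}" for b in found))
```

In real use `roundtrip` is the manual step from the message: send the buffer, then copy the bytes at the dump location out of the debugger.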
