Metasploit mailing list archives
Bad Characters Filtering
From: j_fast_and_the_furious at hotmail.com (scotty to hotty)
Date: Sat, 22 Sep 2007 01:51:17 +0000
What I normally do is the following. When I send a payload, I make sure the program I'm attacking is opened in OllyDbg (any debugger will do) and I send the exploit with the payload. If the program is filtering any input, it'll trip the debugger and you'll know that the shellcode is being altered in memory. If you follow in dump ESP's location, you'll see at the bottom left-hand corner a window which will contain all of the exploit, including the shellcode. Just go byte by byte, making sure that each byte in memory is the same as the one you sent in the exploit. If you see at some point that a byte is changed, then it means that the character changed is being filtered, and you will add that to your bad characters list. You will keep repeating this step until the debugger no longer trips. And voila, you'll see it works like a charm every time.

And while I'm here, does anyone know how to create your own thread? I'm new to this mailing list.
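The byte-by-byte comparison described in the message above, as an added example that is not part of the original post: it parses a hex dump copied from a debugger and reports the first offset where memory differs from what was sent. The dump layout (address, hex bytes, ASCII column), the sample data and the function names are assumptions constructed for illustration.

```python
import re
from typing import Optional, Tuple

HEX_BYTE = re.compile(r"[0-9A-Fa-f]{2}")


def parse_hex_dump(text: str) -> bytes:
    """Parse lines shaped like 'ADDRESS  41 42 43 ...  ASCII' (assumed layout)."""
    out = bytearray()
    for line in text.strip().splitlines():
        tokens = line.split()
        for tok in tokens[1:]:          # tokens[0] is the address column
            if not HEX_BYTE.fullmatch(tok):
                break                   # reached the ASCII column
            out.append(int(tok, 16))
    return bytes(out)


def first_altered_byte(
    sent: bytes, observed: bytes
) -> Optional[Tuple[int, int, Optional[int]]]:
    """Return (offset, sent_byte, observed_byte) for the first mismatch.

    observed_byte is None when the observed buffer ends early, i.e. the
    input was truncated at that byte. Returns None when all bytes match.
    """
    for offset, s in enumerate(sent):
        if offset >= len(observed):
            return (offset, s, None)
        if observed[offset] != s:
            return (offset, s, observed[offset])
    return None


# Constructed sample: the test pattern that was sent (bytes 0x01..0x10) ...
SENT = bytes(range(0x01, 0x11))
# ... and a constructed dump of the same region as seen in the debugger.
DUMP = """
0012F9B0  01 02 03 04 05 06 07 08  ........
0012F9B8  09 20 0B 0C 0D 0E 0F 10  . ......
"""

if __name__ == "__main__":
    hit = first_altered_byte(SENT, parse_hex_dump(DUMP))
    if hit is None:
        print("memory matches what was sent")
    else:
        off, s, o = hit
        seen = "truncated" if o is None else f"0x{o:02x}"
        print(f"offset {off}: sent 0x{s:02x}, memory has {seen}")
```

Only the first mismatch is reported because everything after an altered or dropped byte may be shifted, which is why the message repeats the check after each change.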
Current thread:
- Bad Characters Filtering Danux (Sep 21)
- Bad Characters Filtering scotty to hotty (Sep 21)
- Multistage payload help scotty to hotty (Sep 21)
- Bad Characters Filtering Jerome Athias (Sep 22)
- Bad Characters Filtering Danux (Sep 25)