Metasploit mailing list archives

access payload variable with non default encoder


From: patrick at aushack.com (Patrick Webster)
Date: Thu, 3 Jan 2008 10:19:29 +1100

Slightly OT, but if you have issues with bad chars and space, you may be
able to use the EggHunter instead. Store the payload in a different section of
memory, then overwrite EIP with the egg hunter stage.

I did this with:

http://www.metasploit.com/svn/framework3/trunk/modules/exploits/windows/http/xitami_if_mod_since.rb

... because of bad char issues and only 100-odd bytes to use... so I whacked
the payload inside the Host header instead :)

-Patrick
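The search loop Patrick relies on, as an added example that is not part of his post or of the Metasploit module he links: a C model of the classic Windows egg hunter. It assumes a constructed four-page memory arena (page 1 treated as unmapped, with a lookup table standing in for the kernel probe the real hunter does with NtAccessCheckAndAuditAlarm), the tag "w00t", and a placeholder payload of three int3 bytes rather than real shellcode. The hunter's own stub contains the tag once, so the layout uses the tag twice in front of the payload and the search only accepts the doubled tag; a fault on an unmapped page skips to the next page boundary instead of crashing.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SZ 4096
#define NPAGES  4
#define TAG_LEN 4

/* Constructed stand-in for process memory: four pages, page 1 unmapped.
 * The real hunter learns this from the kernel (the probe syscall returns
 * STATUS_ACCESS_VIOLATION); here a table stands in for that probe. */
static uint8_t arena[NPAGES * PAGE_SZ];
static const int page_mapped[NPAGES] = { 1, 0, 1, 1 };

static const uint8_t egg[TAG_LEN] = { 'w', '0', '0', 't' };

/* Constructed placeholder payload (three int3 breakpoints), not shellcode. */
static const uint8_t payload[] = { 0xcc, 0xcc, 0xcc };

static int readable(size_t addr)
{
    return addr < sizeof arena && page_mapped[addr / PAGE_SZ];
}

/* Lay out the arena: junk everywhere, a single copy of the tag where the
 * hunter stub itself sits (page 0), and the doubled tag followed by the
 * payload in page 2, roughly where a large Host header would land.
 * Returns the offset at which the payload begins. */
size_t build_arena(void)
{
    memset(arena, 0x41, sizeof arena);
    memcpy(arena + 0x100, egg, TAG_LEN);     /* hunter's own tag: must be skipped */
    size_t host = 2 * PAGE_SZ + 0x3a0;
    memcpy(arena + host, egg, TAG_LEN);
    memcpy(arena + host + TAG_LEN, egg, TAG_LEN);
    memcpy(arena + host + 2 * TAG_LEN, payload, sizeof payload);
    return host + 2 * TAG_LEN;
}

/* Search mirroring the hunter's loop: probe the 8 bytes at the cursor, on a
 * fault jump to the next page boundary (or dx,0xfff ; inc edx), otherwise
 * compare the tag twice (scasd ; scasd) and return the address just past the
 * second copy (jmp edi). Returns -1 if no doubled tag exists. */
long hunt(void)
{
    size_t p = 0;
    while (p + 2 * TAG_LEN <= sizeof arena) {
        if (!readable(p) || !readable(p + 2 * TAG_LEN - 1)) {
            p = (p | (PAGE_SZ - 1)) + 1;
            continue;
        }
        if (memcmp(arena + p, egg, TAG_LEN) == 0 &&
            memcmp(arena + p + TAG_LEN, egg, TAG_LEN) == 0)
            return (long)(p + 2 * TAG_LEN);
        p++;
    }
    return -1;
}

int main(void)
{
    size_t want = build_arena();
    long got = hunt();
    printf("payload laid out at 0x%zx, hunter found 0x%lx\n", want, got);
    return got == (long)want ? 0 : 1;
}
```

The byte-granular `p++` is why the real hunter is slow but tolerant of any alignment, and the page-skip on fault is what lets it walk the whole address space without an exception handler; the doubled tag is the cheap fix for the stub finding its own copy of the egg first.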

