Metasploit mailing list archives

browser_autopwn


From: hdm at metasploit.com (HD Moore)
Date: Mon, 17 Aug 2009 12:43:14 -0500

On Mon, 17 Aug 2009 11:24:19 -0500, Ricardo F. Teixeira  
<ricardo.teixas at gmail.com> wrote:

> When using browser_autopwn in OS X 10.5.X the payload created contains
> invalid parameters for the echo binary.
> [...]
> Could someone fix it? :)

The CMD encoders need to be updated to look at the Compat => RequiredCmds
field in the payload (or at least something fancy added to get this  
value), otherwise they can't determine what encoding methods are valid for  
the particular target.

I worked around it for now by making the badchars list in the exploit ''  
and then adding a no-encoding fall through to the generic_sh.rb encoder.
See if this solves the problem for you.

-HD

