Metasploit mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Encoder PexFnstenvSub

From: HD Moore <hdm () metasploit com>
Date: Mon, 23 Nov 2009 08:55:17 -0600
On Mon, 2009-11-23 at 12:18 -0200, Pedro Drimel wrote:

Hello everyone,

I used to use metasploit:55555 to generate payloads however the
servers seems to be offline. I would like through command like
msfpayload the same encoder as "PexFnstenvSub", I think it is
x86/fnstenv_mov but didn't work as the another one.

What is the encoder PexFnstenvSub?


The metasploit:55555 server is just msfweb from Metasploit 2.7, you can
download and run it yourself if you like, but there are really good
reasons for it being offline:


1) The payloads do not work on newer versions of Windows
2) The payloads do not work with newer CPUs with NX support
3) The payloads have since been improved (reliability) and shrunk

The supported way is msfpayload with msfencode, the "pexfnstenvsub"
encode was not directly ported, but x86/fnstenv_mov is pretty close to
it. In most cases you do not need to set the encoder, just set the bad
character list in msfencode (-b '\x00'). If x86/fnstenv_mov is not
working, please file a bug.

-HD

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
Previous By Date Next
Previous By Thread Next

Current thread: