Metasploit mailing list archives

Re: Encoding Payloads


From: "Joshua J. Drake" <jdrake () metasploit com>
Date: Wed, 10 Nov 2010 10:40:50 -0600

On Wed, Nov 10, 2010 at 09:32:04AM -0600, Tommy Elliott wrote:
> Got a quick question that hopefully I can get some guidance with.  Below is
> an excerpt from the Metasploit Free Ebook download about *msfencode*:

> What Are Bad Characters?
> Many applications perform some sort of filtering on the input they receive. For
> instance, a Web server might preprocess Unicode characters before they are sent on
> to the vulnerable piece of code. As a result, the payload might get modified and may
> not function as expected. Some characters also end up terminating strings, such as the
> NULL (0x00) byte. These must also be avoided.
>
> To determine what characters are being pre-processed, a whole array of all
> possible characters could be sent, and it could then be determined which ones
> were modified. Another way to do this would be to make assumptions about the
> characters that that type of an application typically modifies and avoid using those.

> My first question is with the first sentence. When it is stated you pass a
> whole array of all possible characters that can be sent, *how* is it that
> you determine which ones were modified after the application has received
> them.

Short answer, with some precise debugging.

> My second question is, believe it or not!, with the second sentence. Is
> there some kind of master list or more expedited way of making an assumption
> about what characters certain applications most like modify/avoid? I
> understand that '0x00' is a NULL character but what other assumptions would
> normally be made?

A bunch of other assumptions can be made by considering the transport,
or other technologies employed. For example, "\n" is a bad character
for many protocols since they use it to delimit commands.

> If these questions involve lengthy answers that you think I may need more
> guidance than a single reply then please feel free to simply point me in the
> right direction! ;)

Check out the section on Illegal Characters in the ExploitModuleDev
wiki entry -

http://www.metasploit.com/redmine/projects/framework/wiki/ExploitModuleDev#Illegal-Characters

-- 
Joshua J. Drake
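The "send every byte, see what comes back" approach from the quoted excerpt, as an added example that is not part of this thread or of Metasploit. It assumes you can read the received buffer back (e.g. from a debugger, as the reply suggests), compares it against the probe byte-by-byte, and classifies each suspect byte as modified, dropped or a string terminator; the filter it runs against is a constructed stand-in, so a real target is probed round by round, excluding each terminator found before resending.

```ruby
# Added example (not from the thread): finding which bytes a target mangles
# by sending every byte value and diffing what comes back.
# NULL (0x00) is assumed bad from the start, so it is not in the probe.

# Candidate bytes to probe: every value not yet known to be bad, as a binary string.
def probe_bytes(exclude = [0x00])
  (0x00..0xFF).reject { |b| exclude.include?(b) }.map(&:chr).join.b
end

# Compare what was sent with what arrived (e.g. read back from a debugger).
# Returns a Hash of suspect byte value => :modified, :dropped or :truncated.
# The walk is greedy: a mismatch is a drop if the next received byte matches
# the next sent byte, otherwise a substitution; running out of received data
# blames the sent byte at that point as a terminator and stops.
def find_bad_chars(sent, received)
  sent = sent.b
  received = received.b
  bad = {}
  j = 0
  sent.each_byte.with_index do |b, i|
    if j >= received.bytesize
      bad[b] = :truncated   # everything from this byte on was cut off
      break
    elsif received.getbyte(j) == b
      j += 1
    elsif i + 1 < sent.bytesize && received.getbyte(j) == sent.getbyte(i + 1)
      bad[b] = :dropped     # byte removed, stream still aligned
    else
      bad[b] = :modified    # byte replaced by something else
      j += 1
    end
  end
  bad
end

# Constructed stand-in for a filtering application (hypothetical): it drops
# carriage returns, rewrites 0xFF to '?' and, like a line-oriented protocol,
# treats "\n" as the end of the command.
def simulated_filter(data)
  out = data.b.delete("\r").gsub("\xFF".b, "?".b)
  idx = out.index("\n")
  idx ? out[0...idx] : out
end

if __FILE__ == $0
  known_bad = [0x00]
  2.times do                       # round 1 finds the terminator, round 2 the rest
    sent = probe_bytes(known_bad)
    bad = find_bad_chars(sent, simulated_filter(sent))
    bad.sort.each { |b, why| printf("0x%02x %s\n", b, why) }
    known_bad += bad.keys
  end
end
```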

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
