Metasploit mailing list archives
Re: Encoding Payloads
From: Tommy Elliott <t.ellio.09 () gmail com>
Date: Wed, 10 Nov 2010 11:54:49 -0600
Great article and input! I think this information will help me out enormously. Thanks again,

Tommy

On Wed, Nov 10, 2010 at 10:40 AM, Joshua J. Drake <jdrake () metasploit com> wrote:

> On Wed, Nov 10, 2010 at 09:32:04AM -0600, Tommy Elliott wrote:
> > Got a quick question that hopefully I can get some guidance with. Below is
> > an excerpt from the Metasploit Free Ebook download about *msfencode*:
> >
> > What Are Bad Characters?
> > Many applications perform some sort of filtering on the input they receive.
> > For instance, a Web server might preprocess Unicode characters before they are
> > sent on to the vulnerable piece of code. As a result, the payload might get
> > modified and may not function as expected. Some characters also end up
> > terminating strings, such as the NULL (0x00) byte. These must also be avoided.
> > To determine what characters are being pre-processed, a whole array of all
> > possible characters could be sent, and it could then be determined which ones
> > were modified. Another way to do this would be to make assumptions about the
> > characters that type of an application typically modifies and avoid using those.
> >
> > My first question is with the first sentence. When it is stated you pass a
> > whole array of all possible characters that can be sent, *how* is it that you
> > determine which ones were modified after the application has received them.
>
> Short answer, with some precise debugging.
>
> > My second question is, believe it or not!, with the second sentence. Is there
> > some kind of master list or more expedited way of making an assumption about
> > what characters certain applications most likely modify/avoid? I understand
> > that '0x00' is a NULL character but what other assumptions would normally be
> > made?
>
> A bunch of other assumptions can be made by considering the transport, or
> other technologies employed. For example, "\n" is a bad character for many
> protocols since they use it to delimit commands.
>
> > If these questions involve lengthy answers that you think I may need more
> > guidance than a single reply then please feel free to simply point me in the
> > right direction! ;)
>
> Check out the section on Illegal Characters in the ExploitModuleDev wiki
> entry - http://www.metasploit.com/redmine/projects/framework/wiki/ExploitModuleDev#Illegal-Characters
>
> --
> Joshua J. Drake
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
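The thread's first question (send every possible byte, then work out which ones the application changed) comes down to aligning the buffer that came back against the buffer that was sent. The following is an added example and is not code from the thread, from the ebook or from Metasploit. It assumes a probe built from every byte value in ascending order, uses the standard library's `difflib` for the alignment, and stands in a constructed `simulated_filter` for "what the target kept", which in practice is what you read out of memory under a debugger. `KNOWN_BAD` is a constructed starting list reflecting the NUL and newline points raised in the thread.

```python
"""Bad-character probing: align what came back against what was sent.

Added example (not code from the thread or from Metasploit). The probe is
every byte value the payload might contain, sent once each in ascending
order. Because every value is unique and the application preserves order,
the returned buffer can be aligned against the probe with a plain sequence
diff, and each probe byte classified as intact, dropped, modified or lost
to truncation.
"""
import difflib

# Bytes assumed bad before the first round (constructed starting list): NUL
# ends a C string; LF and CR delimit commands in many line-oriented protocols.
KNOWN_BAD = b"\x00\x0a\x0d"


def build_probe(exclude: bytes = b"") -> bytes:
    """Every byte value 0x00..0xff exactly once, ascending, minus `exclude`."""
    return bytes(b for b in range(256) if b not in exclude)


def find_bad_chars(sent: bytes, received: bytes) -> dict:
    """Diff `received` against `sent` and report which probe bytes did not survive.

    Returns {"dropped": [byte, ...], "modified": {byte: what it became},
             "truncated_at": first byte after which nothing arrived, or None}.
    A run of adjacent bad bytes cannot always be attributed individually; the
    usual remedy is to exclude what is reported and probe again (see converge).
    """
    report = {"dropped": [], "modified": {}, "truncated_at": None}
    if not sent:
        return report
    sm = difflib.SequenceMatcher(None, sent, received, autojunk=False)
    for tag, i1, i2, j1, j2 in sm.get_opcodes():
        if tag == "delete":
            if i2 == len(sent):
                # Nothing after sent[i1] came back: a terminator or a length cut-off.
                report["truncated_at"] = sent[i1]
            else:
                report["dropped"].extend(sent[i1:i2])
        elif tag == "replace":
            if i2 - i1 == j2 - j1:
                # Same length: a per-byte transformation such as case folding.
                for k in range(i2 - i1):
                    report["modified"][sent[i1 + k]] = received[j1 + k:j1 + k + 1]
            else:
                # Lengths differ (e.g. one byte expanded to an escape sequence):
                # attribute the whole chunk to the first byte, flag the rest.
                report["modified"][sent[i1]] = received[j1:j2]
                report["dropped"].extend(sent[i1 + 1:i2])
        elif tag == "insert":
            # Extra bytes with nothing missing: the neighbouring probe byte grew.
            anchor = i1 - 1 if i1 > 0 else 0
            report["modified"][sent[anchor]] = (
                bytes([sent[anchor]]) + received[j1:j2] if i1 > 0
                else received[j1:j2] + bytes([sent[0]]))
    return report


def converge(transport, exclude: bytes = b"", max_rounds: int = 300) -> bytes:
    """Probe, exclude what broke, and repeat until the probe returns intact.

    `transport` stands in for "send to the target and read back what it kept"
    (in practice: the bytes that landed in memory, inspected under a debugger).
    Returns the final, sorted set of bad bytes.
    """
    for _ in range(max_rounds):
        probe = build_probe(exclude)
        report = find_bad_chars(probe, transport(probe))
        bad = set(report["dropped"]) | set(report["modified"])
        if report["truncated_at"] is not None:
            bad.add(report["truncated_at"])
        if not bad:
            return exclude
        exclude = bytes(sorted(set(exclude) | bad))
    raise RuntimeError("bad-character set did not converge")


def simulated_filter(data: bytes) -> bytes:
    """Constructed stand-in for a target's input handling (no real application):
    strips tabs, HTML-escapes '<', upper-cases ASCII letters and drops everything
    from the first byte with the high bit set onwards."""
    out = bytearray()
    for b in data:
        if b >= 0x80:
            break                  # "7-bit clean" handler: the rest is lost
        if b == 0x09:
            continue               # tab silently stripped
        if b == 0x3c:
            out += b"&lt;"         # one byte becomes four
        elif 0x61 <= b <= 0x7a:
            out.append(b - 0x20)   # case folding
        else:
            out.append(b)
    return bytes(out)


if __name__ == "__main__":
    probe = build_probe(KNOWN_BAD)
    rep = find_bad_chars(probe, simulated_filter(probe))
    print("dropped:", [hex(b) for b in rep["dropped"]])
    print("modified:", {hex(k): v for k, v in rep["modified"].items()})
    print("truncated at:", hex(rep["truncated_at"]))
    print("converged bad set:", converge(simulated_filter, KNOWN_BAD).hex())
```

The first round against the constructed filter reports the tab as dropped, `<` as modified to `&lt;`, each lowercase letter as modified to its uppercase form, and truncation at 0x80. Truncation only ever reveals the first offending byte, which is why `converge` keeps re-probing with the growing exclusion list until a probe comes back byte-for-byte intact; that loop is the "whole array of all possible characters" method from the ebook excerpt carried through to a stable result.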
Current thread:
- Encoding Payloads Tommy Elliott (Nov 10)
- Re: Encoding Payloads Jeffs (Nov 10)
- Re: Encoding Payloads Tod Beardsley (Nov 10)
- Re: Encoding Payloads Joshua J. Drake (Nov 10)
- Re: Encoding Payloads Tommy Elliott (Nov 10)
- Re: Encoding Payloads Jeffs (Nov 10)