mailing list archives
Re: Escape characters
From: Eric <dkn4a1 () gmail com>
Date: Fri, 1 Apr 2011 12:52:49 +0530
No. I'm not trying to encode the shellcode.
Suppose, I want to generate a payload executable with msfpayload for
windows/exec payload with parameter CMD=cmd /c start calc & start
In this case, obviously I need to escape spaces, \ and & characters, like
msfpayload windows/exec CMD=cmd\ \/c\ start\ calc\ \&\ start\ notepad
Likewise, which all character I need to escape to make it work perfectly fine?
On Fri, Apr 1, 2011 at 12:36 PM, Jose Selvi <jselvi () pentester es> wrote:
MSFEncode is who encode the payload without badchars.
Badchars depends on wich vulnerability are you exploiting. Each
vulnerability has their own badchars so there isn't a single list of
universal badchars. Some of them are quite common like 0x00 (end of string),
but I think there isn't any universal list.
What vulnerability are you exploiting?
El 01/04/11 08:53, Eric escribió:
What all special characters should be escaped with msfpayload?
I believe< > ; : ' " / ( ) %&
Could I find documentation regarding this somewhere?
Thanks in advance.
Security Technical Consultant
CISA, CISSP, CNAP, GCIH, GPEN
SANS Mentor in Madrid (Spain). September 23 - November 25
SEC560: Network Penetration Testing and Ethical Hacking