
Metasploit mailing list archives
Opcode db suggestion and msfencode question
From: RaMatkal at hotmail.com (RaMatkal)
Date: Wed, 25 May 2005 16:51:53 +0200
Great work on 2.4! A quick suggestion and a question....

The opcode database is terrific! A really nifty addition to the opcode db would be the ability to specify bad characters to filter from the return addresses.... For example, only show those return addresses whose ASCII values are valid alphanumeric characters....

Now for my question.... I'm trying to exploit a server which filters all non-alphanumeric characters..... In order to land on my encoded shellcode, I need to do a couple of jumps.... Since 'eb' and 'e9' are filtered, I figure I can encode the jumps with msfencode... Anyone done this before or have any neat advice on how to do JMPs when only alphanumeric chars are valid?

I tried putting an 'eb 06' into <filename> and then trying:

./msfencode -i <filename> -e PexAlphaNum

but got back a 79 byte payload which still contained a couple of 'eb's (obviously needed for the encoder function at the beginning, right?)....

Any suggestions/advice/help would be greatly appreciated....

RaMatkal