Metasploit mailing list archives

access payload variable with non default encoder


From: jerome.athias at free.fr (Jerome Athias)
Date: Wed, 26 Dec 2007 16:04:30 +0100

Hi,

if you use an encoder... it needs a 'key'* to decode the encoded payload
it is just this* that you see prepended to your shellcode...

Joe Owler wrote:
Thanks for your help. Tried that and it looks better, but I still have a few
characters that aren't alphanumeric at the beginning of the buffer,
what could they be?

This should be the standard windows/exec payload executing calc.exe,
encoded with AlphanumMixed



...?????q?^VYIIIIIIIIIICCCCCC7QZjAXP0A0AkAAQ2AB2BB0BBABXP8ABuJIKLJHQTC0C0C0LKPEGLLKCLEUCHEQJOLKPOB8LKQOGPC1JKPILKGDLKC1JNFQIPMINLMTIPBTC7IQHJDMEQHBJKJTGKPTGTDDCEM5LKQOQ4C1JKBFLKDLPKLKQOELEQJKLKELLKEQJKLIQLFDDDISQOP1KFCPQFCTLKG6P0LKG0DLLKD0ELNMLKCXDHK9KHMSIPCZF0BHL0LJDDQOCXLXKNMZDNPWKOJGE3E1BLCSFNBED8CUEPAA

Am I missing something?

