[framework] DCE/RPC in Metasploit
Rhys Kidd
rhyskidd at gmail.com
Mon Dec 18 10:47:46 CST 2006
On 12/19/06, Krpata, Tyler <tkrpata at bjs.com> wrote:
>
> Actually never mind that, it turns out I can just send
> NDR.wstring("\x00") instead of including a string.
Just a suggestion, but IMHO if IDS evasion is the name-of-the-game, then an
empty NULL-terminated string where UNC paths are normally expected would be
more 'abnormal' than something like:
NDR.wstring("\\"+Rex::Text.rand_text_alphanumeric(rand(10)))
.. which more closely matches the traffic produced by a typical legitimate
request.
- Rhys
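
The detection side of the point above, as an added example that is not part of the original post or of Metasploit's code: a Ruby check that decodes an NDR conformant varying wide string and flags an empty value in a field where a UNC name is expected. The function names, the sample server name and the rule that the field should start with a backslash are assumptions made for illustration.

```ruby
# Added example (not from the thread). All names here are hypothetical.

# Build the wire form of an NDR conformant varying wide string:
# max count, offset, actual count (32-bit LE), UTF-16LE data, 4-byte padding.
# Used only to construct sample inputs for the check below.
def ndr_wstring(str)
  s = str.end_with?("\x00") ? str : str + "\x00"
  data = s.encode("UTF-16LE").force_encoding("BINARY")
  pad = "\x00" * ((4 - data.bytesize % 4) % 4)
  [s.length, 0, s.length].pack("V3") + data + pad
end

# Decode the string from a captured stub buffer, validating the header
# before trusting the counts. Returns the text without NUL terminators.
def parse_ndr_wstring(buf)
  raise ArgumentError, "short header" if buf.bytesize < 12
  max, offset, actual = buf.unpack("V3")
  raise ArgumentError, "inconsistent counts" if offset != 0 || actual > max
  raw = buf.byteslice(12, actual * 2)
  raise ArgumentError, "truncated data" if raw.nil? || raw.bytesize < actual * 2
  text = raw.force_encoding("UTF-16LE").encode("UTF-8", invalid: :replace, undef: :replace)
  text.gsub("\u0000", "")
end

# Findings for a field where a UNC name is expected (assumed rule set).
def unc_name_findings(name)
  findings = []
  findings << :empty if name.empty?
  findings << :no_unc_prefix unless name.empty? || name.start_with?("\\")
  findings
end

def inspect_field(buf)
  unc_name_findings(parse_ndr_wstring(buf))
end

# Constructed samples: a NUL-only string and an ordinary-looking server name.
if __FILE__ == $PROGRAM_NAME
  { "nul-only" => "\x00", "server" => "\\\\FILESRV01" }.each do |label, value|
    puts "#{label}: #{inspect_field(ndr_wstring(value)).inspect}"
  end
end
```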