[framework] Forcing a specific encoder
Alok Menghrajani
alok.menghrajani at ilionsecurity.ch
Tue Oct 17 03:36:14 CDT 2006
Hi all,
I would like to force a specific encoder. Currently the framework is
always choosing encoder/x86/shikata_ga_nai, but I have the feeling there
is a bug in this encoder (or probably in my code, that's why I want to
play around with different encoders before I start blaming other
people's code for my bugs :).
I read the mailing list archive, and it seems ver 2.0 did not let an
exploit specify the encoder on its own. But when I looked at the source
code of the ver 3.0, it seems there is some kind of way to specify a
preferred encoder...
So I added some debug stuff to the encode method in the file
/lib/msf/core/encoded_payload.rb (L106-L112):
    # If the caller had a preferred encoder, try to find it and
    # prefix it
    print "HERE1"
    if ((reqs['Encoder']) and
        (preferred = framework.encoders[reqs['Encoder']]))
      print "HERE2"
      encoders.unshift([reqs['Encoder'], preferred ])
    elsif (reqs['Encoder'])
      print "HERE3"
      wlog("#{pinst.refname}: Failed to find preferred encoder #{reqs['Encoder']}")
    end
And it seems, no matter what I do, I can't get to fill reqs['Encoder']
(HERE2 and HERE3 never get displayed).
Could someone please explain why in /lib/msf/core/exploit.rb (L468), the
reqs['Encoder'] is not assigned a value the same way as the other
parameters (such as BadChars) ?
I tried adding 'Encoder' => '/x86/countdown' and 'Payload' => {
'Encoder' => '/x86/countdown' } to my exploit, but the reqs['Encoder']
never seems to get assigned.
Thanks,
Alok.