[framework] Payload Bugs?

Thomas Werth security at vahle.de
Wed Aug 29 07:32:22 CDT 2007


Thanks for the info.
As I'm using strcpy in my test app, only \x00 has to be a badchar, right?

When using encoding, I read something on Uninformed about edx (or ecx)
being used as the base for decoding and having to be adjusted. Is this still
needed, or is encoding enough without taking care of the kind of decoding?


J. M. Seitz wrote:
> Use the NASM shell that ships with Metasploit.
> 
> nasm > sub esp,3500
> 00000000  81ECAC0D0000      sub esp,0xdac
> nasm >
> 
> So you would start the payload off with "\x81\xec\xac\x0d\x00\x00", but of course
> you will want to encode it, as those two NULL bytes will give you grief.
> 
> JS
> 
> 
>> -----Original Message-----
>> From: Thomas Werth [mailto:security at vahle.de] 
>> Sent: Tuesday, August 28, 2007 11:20 PM
>> To: framework at metasploit.com
>> Subject: Re: [framework] Payload Bugs?
>>
>> OK, but how do I append?
>> I doubt $payload .= "sub esp,3500" would do it, am I wrong?
>> How exactly would I append this in Perl, and how in the msf .rb file?
>>
>> J. M. Seitz wrote:
>>> I think a simple:
>>>
>>> sub esp,3500
>>>
>>> would do it; prepend it to your shellcode.
>>>
>>> JS
>>>> -----Original Message-----
>>>> From: Thomas Werth [mailto:security at vahle.de]
>>>> Sent: Tuesday, August 28, 2007 10:50 PM
>>>> To: framework at metasploit.com
>>>> Subject: Re: [framework] Payload Bugs?
>>>>
>>>> Patrick Webster wrote:
>>>>> I assume your German return address is correct.
>>>>>
>>>>> Try using a shellcode with a stack adjustment of -3500.
>>>>>
>>>>> Otherwise your payload may be using bad characters which are not
>>>>> accepted, or the payload code is changed by other instructions before
>>>>> you execute, by the target application?
>>>>>
>>>>> -Patrick
>>>>>
>>>> How exactly can I do this? This sounds really interesting, but I
>>>> didn't find an "Adjust Stack for Dummies" guide ;) Can you give me a
>>>> small example?
> 
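Worked example for the stack-adjustment stub and the badchar question discussed above. This is an added example, not code from the thread, from Metasploit or from the NASM shell; it builds the "sub esp,3500" bytes J. M. Seitz quoted, scans them for NUL bytes (the only badchar for a strcpy sink), and shows the equivalent "add esp,-3500", whose two's-complement immediate (54 f2 ff ff) has no NUL and so can be prepended without an encoder. The opcode encodings are the documented x86 ones (81 /5 id for sub r/m32,imm32, 81 /0 id for add r/m32,imm32, ModRM 0xEC / 0xC4 selecting esp); the helper names are this example's own.

```c
/* Added example (not from the thread or from Metasploit): encode an esp
 * adjustment stub two ways, scan each for bad characters, and report
 * whether the NUL-free "add esp,-N" form works for a given N.
 * Encodings: sub r/m32,imm32 = 81 /5 id (ModRM 0xEC for esp);
 *            add r/m32,imm32 = 81 /0 id (ModRM 0xC4 for esp).
 * Function names are assumptions made for this example. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STUB_LEN 6

/* Encode "sub esp, imm32" as 81 EC <imm32 little-endian>. */
void encode_sub_esp(uint32_t imm, uint8_t out[STUB_LEN])
{
    out[0] = 0x81; out[1] = 0xEC;
    for (int i = 0; i < 4; i++) out[2 + i] = (uint8_t)(imm >> (8 * i));
}

/* Encode "add esp, imm32" as 81 C4 <imm32 little-endian>. A negative
 * delta is stored in two's complement, so add esp,-3500 == sub esp,3500. */
void encode_add_esp(int32_t delta, uint8_t out[STUB_LEN])
{
    uint32_t imm = (uint32_t)delta;
    out[0] = 0x81; out[1] = 0xC4;
    for (int i = 0; i < 4; i++) out[2 + i] = (uint8_t)(imm >> (8 * i));
}

/* Index of the first byte of buf that appears in badchars, or -1 if the
 * buffer is clean. For a strcpy-delivered payload the bad set is {0x00};
 * other sinks add their own bytes (0x0a, 0x0d, 0x20, ...). */
int first_badchar(const uint8_t *buf, size_t len,
                  const uint8_t *badchars, size_t nbad)
{
    for (size_t i = 0; i < len; i++)
        for (size_t j = 0; j < nbad; j++)
            if (buf[i] == badchars[j]) return (int)i;
    return -1;
}

/* 1 if "add esp, delta" avoids every byte in badchars, else 0. Not every
 * delta is clean: -256 encodes as 00 ff ff ff and still needs an encoder. */
int add_esp_is_clean(int32_t delta, const uint8_t *badchars, size_t nbad)
{
    uint8_t stub[STUB_LEN];
    encode_add_esp(delta, stub);
    return first_badchar(stub, STUB_LEN, badchars, nbad) == -1;
}

static void hexdump(const char *label, const uint8_t *b, size_t n)
{
    printf("%-16s", label);
    for (size_t i = 0; i < n; i++) printf("\\x%02x", b[i]);
    putchar('\n');
}

int main(void)
{
    const uint8_t strcpy_bad[] = { 0x00 };   /* strcpy stops at the first NUL */
    uint8_t sub_stub[STUB_LEN], add_stub[STUB_LEN];

    encode_sub_esp(3500, sub_stub);          /* 81 ec ac 0d 00 00, as in the thread */
    encode_add_esp(-3500, add_stub);         /* 81 c4 54 f2 ff ff, NUL-free */

    hexdump("sub esp,3500:", sub_stub, STUB_LEN);
    printf("  first bad byte at index %d\n",
           first_badchar(sub_stub, STUB_LEN, strcpy_bad, sizeof strcpy_bad));
    hexdump("add esp,-3500:", add_stub, STUB_LEN);
    printf("  first bad byte at index %d\n",
           first_badchar(add_stub, STUB_LEN, strcpy_bad, sizeof strcpy_bad));
    printf("add esp,-256 clean for strcpy? %d\n",
           add_esp_is_clean(-256, strcpy_bad, sizeof strcpy_bad));
    return 0;
}
```

The point of add_esp_is_clean is that the negative-immediate trick only helps when every byte of the two's-complement value is non-zero; for a delta like -256 the low byte is 00, so the stub still has to go through an encoder (or a different delta, e.g. -257, has to be chosen). Whatever is prepended, run the whole payload through first_badchar with the sink's real bad set before sending it.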



