[framework] access payload variable with non default encoder
Jerome Athias
jerome.athias at free.fr
Wed Dec 26 09:04:30 CST 2007
Hi,
if you use an encoder... it needs a 'key'* to decode the encoded payload
it is just this* that you see prepended to your shellcode...
Joe Owler wrote:
> Thanks for you help. Tried that and looks better, but still I have few
> characters that arent alphanumeric at the beginning of the buffer,
> what could they be ?
>
> This should be standard windows/exec payload executing calc.exe
> encoded with AlphanumMixed
>
>
>
> ...?áÚÀÙqô^VYIIIIIIIIIICCCCCC7QZjAXP0A0AkAAQ2AB2BB0BBABXP8ABuJIKLJHQTC0C0C0LKPEGLLKCLEUCHEQJOLKPOB8LKQOGPC1JKPILKGDLKC1JNFQIPMINLMTIPBTC7IQHJDMEQHBJKJTGKPTGTDDCEM5LKQOQ4C1JKBFLKDLPKLKQOELEQJKLKELLKEQJKLIQLFDDDISQOP1KFCPQFCTLKG6P0LKG0DLLKD0ELNMLKCXDHK9KHMSIPCZF0BHL0LJDDQOCXLXKNMZDNPWKOJGE3E1BLCSFNBED8CUEPAA
>
> Am I missing something ?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3253 bytes
Desc: S/MIME Cryptographic Signature
Url : http://spool.metasploit.com/pipermail/framework/attachments/20071226/f0afc6c5/attachment.bin
More information about the framework
mailing list