[framework] bad char issue
H D Moore
hdm at metasploit.com
Thu Oct 25 21:45:02 CDT 2007
The only known case of this happening is users of the msfweb interface who
are not running the latest version. In all other instances, Metasploit
does not change the data you send via the sock.put() and other calls. If
by payload, you mean the actual shellcode, one way to verify this is to
modify the exploit module in question to do a hex-dump of the encoded
shellcode:
print_line Rex::Text.to_hex_dump(payload.encoded)
More than likely, it is the application that is breaking or modifying your
code. Another possibility is that the ESP register is too close to your
data, so stack operations (push, etc.) done by the nop sled result in
corruption of your payload. If this is the case (are you using a jmp
esp?), make sure you pass a 'StackAdjustment' => -3500 block in the
Payload info hash element of your module (many modules do this).
-HD
On Thursday 25 October 2007, Muhaimin Dzulfakar wrote:
> I found the metasploit itself change one of the character in my
> payload not the vulnerable application.
> I confirmed this by sniffing the packet. The changed character was \xb2
> which had been changed to \x44. I don't think I have to add that
> character under BadChar as it's not the application which changes my
> payload but my exploit code. How could that happen?
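Added example, not code from the original thread or from the Metasploit
project: the check HD describes (hex-dump what the module encoded, then
compare it with what was actually seen on the wire) done as a stand-alone
Ruby script. Both buffers are constructed sample data; in a real module
ENCODED would come from payload.encoded and CAPTURED from a packet capture.
The hex_dump helper is a plain re-implementation standing in for
Rex::Text.to_hex_dump so the script runs without the framework. It also
checks the encoded buffer against a BadChars list, which is the other thing
to rule out before blaming the framework.

```ruby
# Constructed sample: the bytes the exploit module believes it sent.
# (In a module this would be payload.encoded.)
ENCODED = [0x90, 0x90, 0xb2, 0x41, 0xc3, 0x00, 0x0a].pack('C*')

# Constructed sample: the bytes seen in a packet capture. Byte 2 differs,
# mirroring the \xb2 -> \x44 change reported in the thread.
CAPTURED = [0x90, 0x90, 0x44, 0x41, 0xc3, 0x00, 0x0a].pack('C*')

# Minimal hex dump (offset, hex bytes, printable ASCII), one row per `width`
# bytes. Stand-in for Rex::Text.to_hex_dump.
def hex_dump(bytes, width = 16)
  bytes.bytes.each_slice(width).each_with_index.map do |row, n|
    hex   = row.map { |b| format('%02x', b) }.join(' ')
    ascii = row.map { |b| (b >= 0x20 && b < 0x7f) ? b.chr : '.' }.join
    format('%08x  %s  %s', n * width, hex.ljust(width * 3 - 1), ascii)
  end.join("\n")
end

# Return [offset, sent_byte, seen_byte] for every position where the two
# buffers differ. A nil byte means one buffer is shorter than the other.
def diff_bytes(sent, seen)
  max = [sent.bytesize, seen.bytesize].max
  (0...max).each_with_object([]) do |i, diffs|
    a = sent.getbyte(i)
    b = seen.getbyte(i)
    diffs << [i, a, b] if a != b
  end
end

# Return [offset, byte] for every byte of `buf` that appears in `badchars`.
# An empty result means the encoder honoured the BadChars list.
def find_badchars(buf, badchars)
  bad = badchars.bytes
  buf.bytes.each_with_index
     .select { |b, _| bad.include?(b) }
     .map { |b, i| [i, b] }
end

if __FILE__ == $0
  puts "encoded (what the module sent):"
  puts hex_dump(ENCODED)
  puts "captured (what the application received):"
  puts hex_dump(CAPTURED)

  diff_bytes(ENCODED, CAPTURED).each do |off, a, b|
    printf("offset %d: sent 0x%02x, saw 0x%02x\n", off, a, b)
  end

  # Constructed BadChars list for the sample; a real module's list comes
  # from its Payload info hash.
  find_badchars(ENCODED, "\x00\x0a".b).each do |off, b|
    printf("encoded payload still contains bad char 0x%02x at offset %d\n", b, off)
  end
end
```

If the diff is empty, the framework handed the application exactly the
encoded buffer and the corruption (or a stack overlap of the kind the
StackAdjustment note addresses) happens on the target side; if the diff is
non-empty, the change happened before the bytes left the exploit, as in the
report above.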