[framework] Bad Characters Filtering

scotty to hotty j_fast_and_the_furious at hotmail.com
Fri Sep 21 20:51:17 CDT 2007


What I normally do is the following. When I send a payload, I make sure the program I'm attacking is opened in OllyDbg (any debugger will do) and I send the exploit with the payload. If the program is filtering any input, it'll trip the debugger and you'll know that the shellcode is being altered in memory. If you follow ESP's location in the dump, you'll see at the bottom left-hand corner a window which will contain all of the exploit, including the shellcode. Just go byte by byte, making sure that each byte in memory is the same as the one you sent in the exploit. If you see at some point a byte is changed, then it means that the character changed is being filtered and you will add that to your bad characters list. You will keep repeating this step until the debugger no longer trips. And voila, you'll see it works like a charm every time.

And while I'm here, does anyone know how to create your own thread? I'm new to this mailing list.
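
The comparison loop described in the message above, as an added example that is not part of the original post: it reports the first byte that differs between what was sent and what the debugger dump shows, then repeats with that byte excluded. `send_and_read` and `constructed_filter` are hypothetical names, and the filter is a constructed stand-in for a program under test so the loop runs offline.

```python
def parse_dump(text):
    """Hex bytes copied from a debugger dump pane ('41 42 0D ...') -> bytes."""
    return bytes.fromhex("".join(text.split()))


def first_difference(sent, in_memory):
    """Return (offset, sent_byte, seen_byte) for the first altered byte, or None.

    seen_byte is None when memory ends before the sent data does (input cut off).
    Only the first mismatch is trusted: a dropped or expanded byte shifts
    everything after it, so later mismatches say nothing about later bytes.
    """
    for offset, expected in enumerate(sent):
        if offset >= len(in_memory):
            return offset, expected, None
        if in_memory[offset] != expected:
            return offset, expected, in_memory[offset]
    return None


def find_bad_chars(send_and_read, candidates=range(0x100)):
    """Repeat send -> compare -> exclude until the probe survives unchanged.

    send_and_read(buf) is a hypothetical callback that delivers buf and returns
    the bytes then seen in memory (e.g. parse_dump() of the dump pane).
    """
    bad = []
    while True:
        probe = bytes(b for b in candidates if b not in bad)
        diff = first_difference(probe, send_and_read(probe))
        if diff is None:
            return bad
        bad.append(diff[1])  # each round excludes one byte, so this terminates


def constructed_filter(buf):
    """Constructed stand-in for a target: stops at NUL, drops CR, LF -> space."""
    out = bytearray()
    for b in buf:
        if b == 0x00:
            break
        if b == 0x0D:
            continue
        out.append(0x20 if b == 0x0A else b)
    return bytes(out)


if __name__ == "__main__":
    print(first_difference(b"AB\nC", parse_dump("41 42 20 43")))
    print([hex(b) for b in find_bad_chars(constructed_filter)])
```

Trusting only the first mismatch per round is why the procedure has to be repeated: one dropped or expanded byte misaligns every byte that follows it.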