[framework] access payload variable with non default encoder
Patrick Webster
patrick at aushack.com
Wed Jan 2 17:19:29 CST 2008
Slightly OT, but if you have issues with bad chars and space, you may be
able to use the EggHunter instead. Store the payload in a different section of
memory, then overwrite EIP with the egg hunter stage.
I did this with:
http://www.metasploit.com/svn/framework3/trunk/modules/exploits/windows/http/xitami_if_mod_since.rb
... because of bad char issues and only 100-odd bytes to use... so I whacked
the payload inside the Host header instead :)
-Patrick
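As an added illustration of the two-part layout Patrick describes (this is not code from his message, from the Xitami module, or from the framework's own egghunter): a small C model of what the hunter stage does and how the pieces fit. The overflow region holds only the short hunter, which is the only part that has to survive the bad-char filter, while the tag plus full payload travels in the Host header and lands somewhere else in memory. The tag "w00t", the bad-char set, the 400-byte stand-in payload and the filler bytes standing in for the hunter are all constructed assumptions; the 100-byte limit is taken from the message. A real hunter walks the whole address space and uses a syscall or SEH to step over unmapped pages, whereas this model scans one buffer it is handed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EGG_LEN 8      /* the 4-byte tag is written twice in front of the payload */
#define STAGE_MAX 100  /* room in the overflow buffer before EIP (from the message) */

/* Pack a 4-char tag into the dword the hunter compares against. */
uint32_t egg_tag(const char *tag4)
{
    uint32_t t;
    memcpy(&t, tag4, 4);
    return t;
}

/* Model of the hunter's search loop: walk memory until the tag appears twice
 * back to back, then return the address right after it, where the payload
 * starts. The doubled tag stops the hunter matching the single copy of the
 * tag embedded in its own code. */
const unsigned char *hunt_egg(const unsigned char *region, size_t len, uint32_t tag)
{
    for (size_t i = 0; i + EGG_LEN <= len; i++) {
        uint32_t first, second;
        memcpy(&first, region + i, 4);
        memcpy(&second, region + i + 4, 4);
        if (first == tag && second == tag)
            return region + i + EGG_LEN;
    }
    return NULL;
}

/* Egg = tag, tag, payload. Returns bytes written, 0 if out is too small. */
size_t build_egg(unsigned char *out, size_t outlen, uint32_t tag,
                 const unsigned char *payload, size_t plen)
{
    if (outlen < EGG_LEN + plen)
        return 0;
    memcpy(out, &tag, 4);
    memcpy(out + 4, &tag, 4);
    memcpy(out + EGG_LEN, payload, plen);
    return EGG_LEN + plen;
}

/* Index of the first byte found in the bad-char set, or -1 if clean. Only the
 * small hunter stage has to pass this check. */
long first_badchar(const unsigned char *buf, size_t len,
                   const unsigned char *bad, size_t nbad)
{
    for (size_t i = 0; i < len; i++)
        for (size_t j = 0; j < nbad; j++)
            if (buf[i] == bad[j])
                return (long)i;
    return -1;
}

/* Constructed end-to-end run. Returns 1 if the stage fits and is bad-char
 * clean and the hunter locates the payload in the Host header copy, else 0. */
int demo(void)
{
    const unsigned char bad[] = { 0x00, 0x0a, 0x0d, 0x20 };   /* assumed set */
    uint32_t tag = egg_tag("w00t");                           /* assumed tag */

    /* Stand-in for the hunter stage: filler plus one copy of the tag, since a
     * real hunter carries the tag once. Not real shellcode. */
    unsigned char stage[STAGE_MAX];
    size_t stage_len = 32;
    memset(stage, 0x90, sizeof stage);
    memcpy(stage + 28, &tag, 4);
    if (stage_len > STAGE_MAX || first_badchar(stage, stage_len, bad, sizeof bad) != -1)
        return 0;

    /* Stand-in payload, far larger than the overflow region allows. */
    unsigned char payload[400];
    memset(payload, 0xcc, sizeof payload);                    /* constructed filler */

    /* The egg rides in the Host header, which the server copies elsewhere. */
    unsigned char host[512];
    size_t n = 6;
    memcpy(host, "Host: ", 6);
    n += build_egg(host + n, sizeof host - n, tag, payload, sizeof payload);
    memcpy(host + n, "\r\n", 2);
    n += 2;

    /* The stage holds the tag only once, so the hunter must not match itself. */
    if (hunt_egg(stage, stage_len, tag) != NULL)
        return 0;

    const unsigned char *found = hunt_egg(host, n, tag);
    return found == host + 6 + EGG_LEN
        && memcmp(found, payload, sizeof payload) == 0;
}

int main(void)
{
    int ok = demo();
    printf("egg hunter layout check: %s\n", ok ? "ok" : "failed");
    return ok ? 0 : 1;
}
```

The point of the split is visible in demo(): the bad-char check runs only over the 32-byte stage, and the 400-byte payload never has to fit in the 100-byte region or pass the filter, because the hunter finds it wherever the Host header was copied.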