Attention: Windows and msfweb users

[fixer at gci.net (Charles Hamby)]

Attention Windows users:  Please get off your lazy a$$es and learn UNIX.... ;-)

Hey how much was the SSL cert?  If it wasn't too outrageous I might be able to cover it for ya.

-cdh

"No trees were killed in the sending of this message.  However, a large number of electrons were inconvenienced."

----- Original Message -----
From: H D Moore <hdm at metasploit.com>
Date: Monday, April 2, 2007 9:28 pm
Subject: [framework] Attention: Windows and msfweb users
To: framework at metasploit.com

> A serious bug was fixed in the msfweb interface (the default 
> interface on 
> the Windows platform). Please use the 'Online Update' menu item or 
> the 'svn update' command to obtain the latest patches.
>
> The bug was caused by Rails. Specifically, the version of Rails 
> used by 
> the msfweb interface. This version of Rails changes the $KCODE 
> global 
> variable to "u", which forces all strings to be treated as unicode. 
> This 
> is a major problem when it comes to any form of binary string 
> manipulation (ie. shellcode, random text strings, encoders, etc). 
> The 
> solution was to overload the Rails::Initializer class with a new 
> initialize_encoding() method that forces Ruby to stick with plain 
> old 
> ascii strings. This seems to solve the problem and I was able to 
> test out 
> the new ANI exploits from my Windows install of Metasploit.
>
> This is the reason why exploits would randomly fail on Windows (and 
> msfweb), but work perfectly from the command line on Unix systems.
>
> If anyone runs into problem using the ANI exploits from the Windows 
> platform, please let me know ASAP.
>
> -HD