Metasploit mailing list archives
bad char issue
From: hdm at metasploit.com (H D Moore)
Date: Thu, 25 Oct 2007 21:45:02 -0500
The only known case of this happening is users of the msfweb interface who are not running the latest version. In all other instances, Metasploit does not change the data you send via the sock.put() and other calls.

If by payload, you mean the actual shellcode, one way to verify this is to modify the exploit module in question to do a hex-dump of the encoded shellcode:

    print_line Rex::Text.to_hex_dump(payload.encoded)

More than likely, it is the application that is breaking or modifying your code. Another possibility is that the ESP register is too close to your data, so stack operations (push, etc) done by the nop sled result in corruption of your payload. If this is the case (are you using a jmp esp?), make sure you pass a 'StackAdjustment' => -3500 block in the Payload info hash element of your module (many modules do this).

-HD

On Thursday 25 October 2007, Muhaimin Dzulfakar wrote:
I found that Metasploit itself changed one of the characters in my payload, not the vulnerable application. I confirmed this by sniffing the packet. The changed character was \xb2, which had been changed to \x44. I don't think I have to add that character under BadChar, as it's not the application which changes my payload but my exploit code. How could that happen?
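
Added example, not part of the original thread or of Metasploit's code: a stand-alone Ruby script that compares the bytes a module intended to send (for instance, the output of the hex dump suggested above) with the bytes recovered from a packet capture, and groups any differences by substitution. The byte strings are constructed placeholders rather than shellcode, and the function and constant names are hypothetical.

```ruby
# Constructed sample data: INTENDED stands for the bytes the module meant to
# send, CAPTURED for the same span as seen in a packet capture. The b2 -> 44
# change mirrors the one reported in the thread.
INTENDED = "\x41\x42\xb2\x43\xb2\x45".b
CAPTURED = "\x41\x42\x44\x43\x44\x45".b

# Return [offset, intended_byte, captured_byte] for every differing position.
# A length mismatch shows up as nil on the shorter side.
def byte_diffs(intended, captured)
  i_bytes = intended.b.bytes
  c_bytes = captured.b.bytes
  longest = [i_bytes.length, c_bytes.length].max
  (0...longest).map do |off|
    [off, i_bytes[off], c_bytes[off]] unless i_bytes[off] == c_bytes[off]
  end.compact
end

# Group differences by substitution, e.g. {"b2->44" => [2, 4]}.
# The same mapping at every offset points at a systematic byte translation
# on the sending side rather than damage tied to one position.
def substitutions(diffs)
  hex = ->(b) { b.nil? ? "--" : format("%02x", b) }
  diffs.group_by { |_, want, got| "#{hex.(want)}->#{hex.(got)}" }
       .transform_values { |rows| rows.map(&:first) }
end

# :unchanged_on_wire -> the sender delivered the intended bytes, so any
#                       alteration happens in the receiving application.
# :changed_on_wire   -> the bytes were altered before leaving the sender.
def wire_verdict(intended, captured)
  byte_diffs(intended, captured).empty? ? :unchanged_on_wire : :changed_on_wire
end

if __FILE__ == $PROGRAM_NAME
  diffs = byte_diffs(INTENDED, CAPTURED)
  puts "verdict: #{wire_verdict(INTENDED, CAPTURED)}"
  substitutions(diffs).each do |mapping, offsets|
    puts "#{mapping} at offsets #{offsets.join(', ')}"
  end
end
```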