Metasploit mailing list archives
access payload variable with non default encoder
From: patrick at aushack.com (Patrick Webster)
Date: Thu, 3 Jan 2008 10:19:29 +1100
Slightly OT, but if you have issues with bad chars and space, you may be able to use the EggHunter instead. Store the payload in a different section of memory, then overwrite EIP with the egg hunter stage.

I did this with: http://www.metasploit.com/svn/framework3/trunk/modules/exploits/windows/http/xitami_if_mod_since.rb ... because of bad char issues and only 100-odd bytes to use... so I whacked the payload inside the Host header instead :)

-Patrick