Metasploit mailing list archives
Re: Encoder PexFnstenvSub
From: Pedro Drimel <pedrodrimel () gmail com>
Date: Mon, 23 Nov 2009 14:00:26 -0200
It is actually a badchars issue. I compared the output I had with the one generated with the 2.7 version and it's different. Probably, in the past I had to deal with badchars but I don't remember what I did. I tried to run the following into my buffer:

string = ("\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e"
"\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d"
"\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c"
"\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b"
"\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a"
"\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9"
"\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8"
"\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
"\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff")

I put a breakpoint at the memory address which performs a JMP ESP, but it didn't work; if I just put some NOPs or a calc.exe, it works.

Thanks in advance.

Regards,
Pedro.

2009/11/23 HD Moore <hdm () metasploit com>:
> On Mon, 2009-11-23 at 12:18 -0200, Pedro Drimel wrote:
>> Hello everyone, I used to use metasploit:55555 to generate payloads; however, the server seems to be offline. I would like, through a command like msfpayload, the same encoder as "PexFnstenvSub". I think it is x86/fnstenv_mov, but it didn't work like the other one. What is the encoder PexFnstenvSub?
>
> The metasploit:55555 server is just msfweb from Metasploit 2.7; you can download and run it yourself if you like, but there are really good reasons for it being offline:
>
> 1) The payloads do not work on newer versions of Windows
> 2) The payloads do not work with newer CPUs with NX support
> 3) The payloads have since been improved (reliability) and shrunk
>
> The supported way is msfpayload with msfencode. The "pexfnstenvsub" encoder was not directly ported, but x86/fnstenv_mov is pretty close to it. In most cases you do not need to set the encoder, just set the bad character list in msfencode (-b '\x00'). If x86/fnstenv_mov is not working, please file a bug.
>
> -HD
> _______________________________________________
> https://mail.metasploit.com/mailman/listinfo/framework
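As an added example (not code from the thread, and not Metasploit's own), a small Python helper for the bad-character workflow discussed above: it builds the \x01..\xff test buffer that omits the known bad bytes, checks an encoder's output against the kind of list passed to msfencode -b, and reports where a copied-in buffer first diverges from what was sent. The function names and the sample inputs are my own.

```python
# Added example, not from the mailing-list thread or from Metasploit.
# Bad characters are byte values the target's input path drops or
# rewrites (e.g. \x00 terminating a C string), so the encoder must emit
# none of them and the test buffer should omit the ones already known.

DEFAULT_BADCHARS = b"\x00"  # the list HD suggests: msfencode -b '\x00'


def build_test_buffer(badchars=DEFAULT_BADCHARS):
    """Return every byte value 0x00..0xff except those in badchars.
    With the default this is exactly the \\x01..\\xff string from the post."""
    return bytes(b for b in range(256) if b not in badchars)


def find_bad_bytes(payload, badchars):
    """Return (offset, value) pairs where payload contains a bad character.
    An empty list means the encoded output is clean for this badchar set."""
    return [(i, b) for i, b in enumerate(payload) if b in badchars]


def first_divergence(sent, observed):
    """Compare the buffer that was sent with the copy observed in memory.
    Returns the offset of the first differing (or missing) byte, or None
    if observed matches sent over the whole sent length. The byte at that
    offset is the next candidate for the badchar list."""
    for i, b in enumerate(sent):
        if i >= len(observed) or observed[i] != b:
            return i
    return None


if __name__ == "__main__":
    buf = build_test_buffer()
    # Constructed sample: an input path that strips line feeds (\x0a).
    observed = buf[:9] + buf[10:]
    print("first divergence at offset", first_divergence(buf, observed))
    # Constructed sample: a 4-byte blob containing a NUL.
    print("bad bytes:", find_bad_bytes(b"\x31\xc0\x00\x50", b"\x00\x0a"))
```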
Current thread:
- Encoder PexFnstenvSub Pedro Drimel (Nov 23)
- Re: Encoder PexFnstenvSub HD Moore (Nov 23)
- Re: Encoder PexFnstenvSub Pedro Drimel (Nov 23)
- Re: Encoder PexFnstenvSub Rob Fuller (Nov 23)
- Re: Encoder PexFnstenvSub Pedro Drimel (Nov 23)
- Re: Encoder PexFnstenvSub HD Moore (Nov 23)
- Re: Encoder PexFnstenvSub Pedro Drimel (Nov 23)
- Re: Encoder PexFnstenvSub Pedro Drimel (Nov 23)
- Re: Encoder PexFnstenvSub HD Moore (Nov 23)