metasploit-framework November 2010 archive
metasploit-framework: Re: [framework] Encoding Payloads

From: Tod Beardsley <todb_at_nospam>
Date: Wed Nov 10 2010 - 16:08:24 GMT
To: jeffs@speakeasy.net

I'm not familiar with the book, but...

On Wed, Nov 10, 2010 at 9:44 AM, Jeffs <jeffs@speakeasy.net> wrote:

> My first question is with the first sentence. When it is stated you pass a
> whole array of all possible characters that can be sent, how is it that you
> determine which ones were modified after the application has received them?

I assume the material is implying that you have control of the target
application and you can just hook it up to a debugger and see what
gets passed and what doesn't.

> My second question is, believe it or not!, with the second sentence. Is
> there some kind of master list or more expedited way of making an assumption
> about what characters certain applications most likely modify/avoid?

Again, depends on the application and function. The two classical
examples are avoiding \x00 when you're dealing with a function that
null terminates strings (C-like things), and avoiding spaces when
you're dealing with command arguments that are space-delimited (like
plaintext protocols like IMAP).
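
The procedure discussed in this thread (send every byte value, then compare what the application actually received) applied to the two classical cases above, as an added example that is not part of the original message. The two receiver functions are constructed models standing in for a real application watched under a debugger, and all function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

typedef size_t (*receiver_fn)(const unsigned char *in, size_t n, unsigned char *out);

/* Constructed model: C-string copy, stops at the first 0x00 like strcpy(). */
size_t cstring_copy(const unsigned char *in, size_t n, unsigned char *out) {
    size_t i = 0;
    while (i < n && in[i] != 0x00) { out[i] = in[i]; i++; }
    return i;
}

/* Constructed model: one argument of a line-based text command; ends at
   space, CR or LF (the CR/LF handling is an assumption of this model). */
size_t first_argument(const unsigned char *in, size_t n, unsigned char *out) {
    size_t i = 0;
    while (i < n && in[i] != ' ' && in[i] != '\r' && in[i] != '\n') { out[i] = in[i]; i++; }
    return i;
}

/* Send every remaining byte value, diff what arrived against what was sent,
   flag the byte at the first divergence, drop it and repeat until the
   buffer arrives intact. bad[v] is set to 1 for each flagged value v. */
int find_altered_bytes(receiver_fn rx, unsigned char bad[256]) {
    unsigned char sent[256], got[256];
    int count = 0;
    memset(bad, 0, 256);
    for (;;) {
        size_t n = 0, i = 0, m;
        for (int v = 0; v < 256; v++) if (!bad[v]) sent[n++] = (unsigned char)v;
        m = rx(sent, n, got);
        while (i < n && i < m && got[i] == sent[i]) i++;
        if (i == n) return count;      /* everything survived */
        bad[sent[i]] = 1;              /* first byte lost or changed */
        count++;
    }
}

int main(void) {
    unsigned char bad[256];
    receiver_fn models[] = { cstring_copy, first_argument };
    for (int k = 0; k < 2; k++) {
        int n = find_altered_bytes(models[k], bad);
        printf("model %d: %d altered:", k, n);
        for (int v = 0; v < 256; v++) if (bad[v]) printf(" \\x%02x", v);
        printf("\n");
    }
    return 0;
}
```

The re-send loop matters because a truncating byte hides everything after it, so only the first divergence in each pass can be trusted.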