|Main Archive Page > Month Archives > metasploit-framework archives|
I'm not familiar with the book, but...
On Wed, Nov 10, 2010 at 9:44 AM, Jeffs <email@example.com> wrote:
> My first question is with the first sentence. When it is stated you pass a
> whole array of all possible characters that can be sent, how is it that you
> determine which ones were modified after the application has received them.
I assume the material is implying that you have control of the target
application and you can just hook up it to a debugger and see what
gets passed and what doesn't.
> My second question is, believe it or not!, with the second sentence. Is
> there some kind of master list or more expedited way of making an assumption
> about what characters certain applications most like modify/avoid?
Again, depends on the application and function. The two classical
examples are avoiding \x00 when you're dealing with a function that
null terminates strings (C-like things), and avoiding spaces when
you're dealing with command arguments that are space-delimited (like
plaintext protocols like IMAP).