Ticket #187 (new defect)

Opened 7 months ago

Last modified 7 months ago

shikata ga nai (and probably other encoders) doesn't look for bad chars

Reported by: snagg@openssl.it Assigned to: hdm
Priority: major Milestone:
Component: framework3 Version:
Keywords: Cc:

Description

I was doing some tests from the web interface. Since I need an encoder for one of my payloads, I loaded it into Metasploit and after that tried to encode it with shikata ga nai. The request was:

Parameters: {"step"=>"1", "format"=>"c", "commit"=>"Generate", "action"=>"view", "max_size"=>"", "badchars"=>"0x00 ", "controller"=>"payloads", "refname"=>"osx:x86:rfe", "encoder"=>"x86/shikata_ga_nai"}

But in the middle of the payload there were actually some zeros.

Change History

02/04/08 16:36:51 changed by vlad

badchars should be \x00 not 0x00

02/07/08 05:43:24 changed by snagg@openssl.it

Parameters: {"step"=>"1", "format"=>"c", "commit"=>"Generate", "action"=>"view", "max_size"=>"", "badchars"=>"\\x00 ", "controller"=>"payloads", "refname"=>"osx:x86:rfe", "encoder"=>"default"}

This is with \x00, and in the payload: [snip] "\xc0\xd0\xaa\x48\x09\x25\xc4\x21\xdc\x23\x00\x12\x8c\x88\x4f" [snip]

This instead is with x00:

Parameters: {"step"=>"1", "format"=>"c", "commit"=>"Generate", "action"=>"view", "max_size"=>"", "badchars"=>"x00 ", "controller"=>"payloads", "refname"=>"osx:x86:rfe", "encoder"=>"default"}

It still has zeroes in the payload: [snip] "\xd2\xbd\x21\x1b\x34\x39\x00\x5f\x36\xae\x56\x6e\xeb\x7d\x04" [snip]

However, giving it another try with \x00, it produces a payload without zeroes. Still, I don't think this is "standard" behaviour, is it?
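The thread turns on two things: how the badchars field is spelled (\x00, 0x00 or x00) and whether the encoder output actually honours it. Whatever the encoder does, the practical check is to parse the generated C-format string back into bytes and scan it for the forbidden values before using it. The following is an added, stand-alone Ruby example written for this page; it is not Metasploit's own badchars parser or web-interface code. It accepts all three spellings seen in the requests above, and its sample inputs are the two payload fragments quoted in the ticket (constants named here for illustration).

```ruby
# Added example, not Metasploit framework code: parse a badchars
# specification and check an encoded payload (in "C" string format,
# e.g. "\xc0\xd0...") for any of those bytes.

# Payload fragments quoted in the ticket (both contain a \x00).
TICKET_FRAGMENT_BACKSLASH_X00 = '\xc0\xd0\xaa\x48\x09\x25\xc4\x21\xdc\x23\x00\x12\x8c\x88\x4f'
TICKET_FRAGMENT_X00           = '\xd2\xbd\x21\x1b\x34\x39\x00\x5f\x36\xae\x56\x6e\xeb\x7d\x04'

# Parse a badchars spec into an array of byte values. Tolerates the
# forms seen in the ticket: "\x00", "0x00" and bare "x00", with optional
# spaces or commas between entries. (Assumed lenient syntax for this
# example; the real web interface may be stricter.)
def parse_badchars(spec)
  spec.scan(/(?:\\x|0x|x)?([0-9a-fA-F]{2})/).flatten.map { |h| h.to_i(16) }
end

# Turn a C-format payload string ("\xNN\xNN...") back into raw byte values.
# Only \xNN escapes are handled, which is all the "c" output format emits.
def c_string_to_bytes(cstr)
  cstr.scan(/\\x([0-9a-fA-F]{2})/).flatten.map { |h| h.to_i(16) }
end

# Return [offset, byte] pairs for every bad byte present; an empty
# array means the payload is clean with respect to the spec.
def find_badchars(bytes, bad)
  bytes.each_with_index.select { |b, _| bad.include?(b) }.map { |b, i| [i, b] }
end

# Convenience wrapper: check a C-format payload against a badchars spec.
def check_payload(cstr, spec)
  find_badchars(c_string_to_bytes(cstr), parse_badchars(spec))
end

if __FILE__ == $0
  [['\x00', TICKET_FRAGMENT_BACKSLASH_X00], ['x00', TICKET_FRAGMENT_X00]].each do |spec, frag|
    hits = check_payload(frag, spec)
    status = hits.empty? ? 'clean' : "bad bytes at #{hits.map { |off, b| format('%d(0x%02x)', off, b) }.join(', ')}"
    puts "badchars=#{spec.inspect}: #{status}"
  end
end
```

Run this on the full generated payload, not just a fragment, and treat any hit as a reason to re-encode (or to try a different encoder) rather than trusting that the badchars field was applied.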