module
Avoid underscore/tolower
| Disclosed | Created |
|---|---|
| N/A | 2018-05-30 |
Disclosed
N/A
Created
2018-05-30
Description
Underscore/tolower Safe Encoder used to exploit CVE-2012-2329. It is a
modified version of the 'Avoid UTF8/tolower' encoder by skape. Please check
the documentation of the skape encoder before using it. As the original,
this encoder expects ECX pointing to the start of the encoded payload. Also
BufferOffset must be provided if needed.
The changes introduced are (1) avoid the use of the 0x5f byte (underscore) in
because it is a badchar in the CVE-2012-2329 case and (2) optimize the
transformation block, having into account more relaxed conditions about bad
characters greater than 0x80.
modified version of the 'Avoid UTF8/tolower' encoder by skape. Please check
the documentation of the skape encoder before using it. As the original,
this encoder expects ECX pointing to the start of the encoded payload. Also
BufferOffset must be provided if needed.
The changes introduced are (1) avoid the use of the 0x5f byte (underscore) in
because it is a badchar in the CVE-2012-2329 case and (2) optimize the
transformation block, having into account more relaxed conditions about bad
characters greater than 0x80.
Authors
skape mmiller@hick.org
juan vazquez juan.vazquez@metasploit.com
juan vazquez juan.vazquez@metasploit.com
Platform
All
Architectures
x86
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.