Rapid7 Vulnerability & Exploit Database

Avoid underscore/tolower

Back to Search

Avoid underscore/tolower



Underscore/tolower Safe Encoder used to exploit CVE-2012-2329. It is a modified version of the 'Avoid UTF8/tolower' encoder by skape. Please check the documentation of the skape encoder before using it. As the original, this encoder expects ECX pointing to the start of the encoded payload. Also BufferOffset must be provided if needed. The changes introduced are (1) avoid the use of the 0x5f byte (underscore) in because it is a badchar in the CVE-2012-2329 case and (2) optimize the transformation block, having into account more relaxed conditions about bad characters greater than 0x80.


  • skape <mmiller@hick.org>
  • juan vazquez <juan.vazquez@metasploit.com>






Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

Time is precious, so I don’t want to do something manually that I can automate. Leveraging the Metasploit Framework when automating any task keeps us from having to re-create the wheel as we can use the existing libraries and focus our efforts where it matters.

– Jim O’Gorman | President, Offensive Security