Exploit Payloads

From Metasploit Unleashed
Jump to: navigation, search

Select an encoder:

  • Must not touch certain registers
  • Must be under the max size
  • Must avoid BadChars
  • Encoders are ranked

Select a nop generator:

  • Tries the most random one first
  • Nops are also ranked

Encoding Example

  • The defined Payload Space is 900 bytes
  • The Payload is 300 bytes long
  • The Encoder stub adds another 40 bytes to the payload
  • The Nops will then fill in the remaining 560 bytes bringing the final payload.encoded size to 900 bytes
  • The nop padding can be avoided by adding 'DisableNops' => true to the exploit

Payload Block Options

As is the case for most things in the Framework, payloads can be tweaked by exploits.

  • 'StackAdjustment' prefixes "sub esp" code
  • 'MinNops', 'MaxNops', 'DisableNops'
  • 'Prefix' places data before the payload
  • 'PrefixEncoder' places it before the stub

These options can also go into the Targets block, allowing for different BadChars for targets and allows Targets to hit different architectures and OS.

Exploit Development > Exploit Payloads