Select an encoder:
- Must not touch certain registers
- Must be under the max size
- Must avoid BadChars
- Encoders are ranked
Select a nop generator:
- Tries the most random one first
- Nops are also ranked
- The defined Payload Space is 900 bytes
- The Payload is 300 bytes long
- The Encoder stub adds another 40 bytes to the payload
- The Nops will then fill in the remaining 560 bytes bringing the final payload.encoded size to 900 bytes
- The nop padding can be avoided by adding 'DisableNops' => true to the exploit
Payload Block Options
As is the case for most things in the Framework, payloads can be tweaked by exploits.
- 'StackAdjustment' prefixes "sub esp" code
- 'MinNops', 'MaxNops', 'DisableNops'
- 'Prefix' places data before the payload
- 'PrefixEncoder' places it before the stub
These options can also go into the Targets block, allowing for different BadChars for targets and allows Targets to hit different architectures and OS.