XOR Encoder - Metasploit
This page contains detailed information about how to use the encoder/mipsbe/longxor metasploit module. For list of all metasploit modules, visit the Metasploit Module Library.
Module Overview
Name: XOR Encoder
Module: encoder/mipsbe/longxor
Source code: modules/encoders/mipsbe/longxor.rb
Disclosure date: -
Last modification time: 2018-12-18 13:35:16 +0000
Supported architecture(s): mipsbe
Supported platform(s): All
Target service / protocol: -
Target network port(s): -
List of CVEs: -
Mips Web server exploit friendly xor encoder
Module Ranking and Traits
Module Ranking:
- normal: The exploit is otherwise reliable, but depends on a specific version and can't (or doesn't) reliably autodetect. More information about ranking can be found here.
Basic Usage
msf > use encoder/mipsbe/longxor
msf encoder(longxor) > show targets
... a list of targets ...
msf encoder(longxor) > set TARGET target-id
msf encoder(longxor) > show options
... show and set options ...
msf encoder(longxor) > exploit
Go back to menu.
Msfconsole Usage
Here is how the encoder/mipsbe/longxor module looks in the msfconsole:
msf6 > use encoder/mipsbe/longxor
msf6 encoder(mipsbe/longxor) > show info
Name: XOR Encoder
Module: encoder/mipsbe/longxor
Platform: All
Arch: mipsbe
Rank: Normal
Provided by:
Julien Tinnes <[email protected]>
Pedro Ribeiro <[email protected]>
Description:
Mips Web server exploit friendly xor encoder
Module Options
This is a complete list of options available in the encoder/mipsbe/longxor module:
msf6 encoder(mipsbe/longxor) > show options
Module options (encoder/mipsbe/longxor):
Name Current Setting Required Description
---- --------------- -------- -----------
Advanced Options
Here is a complete list of advanced options supported by the encoder/mipsbe/longxor module:
msf6 encoder(mipsbe/longxor) > show advanced
Module advanced options (encoder/mipsbe/longxor):
Name Current Setting Required Description
---- --------------- -------- -----------
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
Go back to menu.
Error Messages
This module may fail with the following error messages:
Check for the possible causes from the code snippets below found in the module source code. This can often times help in identifying the root cause of the problem.
The payload being encoded is too long (<STATE.BUF.LENGTH> bytes)
Here is a relevant code snippet related to the "The payload being encoded is too long (<STATE.BUF.LENGTH> bytes)" error message:
33: #
34: def decoder_stub(state)
35:
36: # add one xor operation for the key (see comment below)
37: number_of_passes=state.buf.length/4+1
38: raise EncodingError.new("The payload being encoded is too long (#{state.buf.length} bytes)") if number_of_passes > 10240
39: raise EncodingError.new("The payload is not padded to 4-bytes (#{state.buf.length} bytes)") if state.buf.length%4 != 0
40:
41: # 16-bits not (again, see below)
42: reg_10 = (number_of_passes+1)^0xFFFF
43: reg_5 = state.buf.length^0xFFFF
The payload is not padded to 4-bytes (<STATE.BUF.LENGTH> bytes)
Here is a relevant code snippet related to the "The payload is not padded to 4-bytes (<STATE.BUF.LENGTH> bytes)" error message:
34: def decoder_stub(state)
35:
36: # add one xor operation for the key (see comment below)
37: number_of_passes=state.buf.length/4+1
38: raise EncodingError.new("The payload being encoded is too long (#{state.buf.length} bytes)") if number_of_passes > 10240
39: raise EncodingError.new("The payload is not padded to 4-bytes (#{state.buf.length} bytes)") if state.buf.length%4 != 0
40:
41: # 16-bits not (again, see below)
42: reg_10 = (number_of_passes+1)^0xFFFF
43: reg_5 = state.buf.length^0xFFFF
44: decoder = Metasm::Shellcode.assemble(Metasm::MIPS.new(:big), <<EOS).encoded.data
Go back to menu.
Related Pull Requests
- #11140 Merged Pull Request: Make longxor encoder great again
- #8716 Merged Pull Request: Print_Status -> Print_Good (And OCD bits 'n bobs)
- #8338 Merged Pull Request: Fix msf/core and self.class msftidy warnings
- #6655 Merged Pull Request: use MetasploitModule as a class name
- #6648 Merged Pull Request: Change metasploit class names
- #5374 Merged Pull Request: Implements msfvenom --smallest
- #2525 Merged Pull Request: Change module boilerplate
- #1241 Merged Pull Request: Removed all $Id$ and $Revision$ occurences
Go back to menu.
See Also
Check also the following modules related to this module:
- encoder/mipsbe/byte_xori
- encoder/mipsle/byte_xori
- encoder/mipsle/longxor
- encoder/ppc/longxor
- encoder/ppc/longxor_tag
- encoder/sparc/longxor_tag
- encoder/x64/xor
- encoder/x64/xor_context
- encoder/x64/xor_dynamic
- encoder/x86/bloxor
- encoder/x86/call4_dword_xor
- encoder/x86/xor_dynamic
Authors
- Julien Tinnes <julien[at]cr0.org>
- Pedro Ribeiro <[email protected]>
Version
This page has been produced using Metasploit Framework version 6.1.24-dev. For more modules, visit the Metasploit Module Library.
Go back to menu.
