Byte XORi Encoder - Metasploit


This page contains detailed information about how to use the encoder/mipsle/byte_xori metasploit module. For list of all metasploit modules, visit the Metasploit Module Library.

Table Of Contents
hide

Module Overview

Name: Byte XORi Encoder
Module: encoder/mipsle/byte_xori
Source code: modules/encoders/mipsle/byte_xori.rb
Disclosure date: -
Last modification time: 2018-12-18 16:30:47 +0000
Supported architecture(s): mipsle
Supported platform(s): All
Target service / protocol: -
Target network port(s): -
List of CVEs: -

Mips Web server exploit friendly xor encoder. This encoder has been found useful on situations where '&' (0x26) is a badchar. Since 0x26 is the xor's opcode on MIPS architectures, this one is based on the xori instruction.

Module Ranking and Traits

Module Ranking:

  • normal: The exploit is otherwise reliable, but depends on a specific version and can't (or doesn't) reliably autodetect. More information about ranking can be found here.

Basic Usage

msf > use encoder/mipsle/byte_xori
msf encoder(byte_xori) > show targets
    ... a list of targets ...
msf encoder(byte_xori) > set TARGET target-id
msf encoder(byte_xori) > show options
    ... show and set options ...
msf encoder(byte_xori) > exploit

Go back to menu.

Msfconsole Usage

Here is how the encoder/mipsle/byte_xori module looks in the msfconsole:

msf6 > use encoder/mipsle/byte_xori

msf6 encoder(mipsle/byte_xori) > show info

       Name: Byte XORi Encoder
     Module: encoder/mipsle/byte_xori
   Platform: All
       Arch: mipsle
       Rank: Normal

Provided by:
  Julien Tinnes <[email protected]>
  juan vazquez <[email protected]>
  Pedro Ribeiro <[email protected]>

Description:
  Mips Web server exploit friendly xor encoder. This encoder has been 
  found useful on situations where '&' (0x26) is a badchar. Since 0x26 
  is the xor's opcode on MIPS architectures, this one is based on the 
  xori instruction.

Module Options

This is a complete list of options available in the encoder/mipsle/byte_xori module:

msf6 encoder(mipsle/byte_xori) > show options

Module options (encoder/mipsle/byte_xori):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------

Advanced Options

Here is a complete list of advanced options supported by the encoder/mipsle/byte_xori module:

msf6 encoder(mipsle/byte_xori) > show advanced

Module advanced options (encoder/mipsle/byte_xori):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   VERBOSE    false            no        Enable detailed status messages
   WORKSPACE                   no        Specify the workspace for this module

Go back to menu.

Error Messages

This module may fail with the following error messages:

Error Messages

Check for the possible causes from the code snippets below found in the module source code. This can often times help in identifying the root cause of the problem.

The payload being encoded is too long (<STATE.BUF.LENGTH> bytes)

Here is a relevant code snippet related to the "The payload being encoded is too long (<STATE.BUF.LENGTH> bytes)" error message:

39:	  def decoder_stub(state)
40:	
41:	    # add 4 number of passes  for the space reserved for the key, at the end of the decoder stub
42:	    # (see commented source)
43:	    number_of_passes=state.buf.length+4
44:	    raise EncodingError.new("The payload being encoded is too long (#{state.buf.length} bytes)") if number_of_passes > 32766
45:	
46:	    # 16-bits not (again, see also commented source)
47:	    reg_14 = (number_of_passes+1)^0xFFFF
48:	    reg_5 = state.buf.length^0xFFFF
49:

Go back to menu.

Go back to menu.

See Also

Check also the following modules related to this module:

Authors

Version

This page has been produced using Metasploit Framework version 6.1.24-dev. For more modules, visit the Metasploit Module Library.

Go back to menu.