Byte XORi Encoder - Metasploit
This page contains detailed information about how to use the encoder/mipsle/byte_xori metasploit module. For list of all metasploit modules, visit the Metasploit Module Library.
Module Overview
Name: Byte XORi Encoder
Module: encoder/mipsle/byte_xori
Source code: modules/encoders/mipsle/byte_xori.rb
Disclosure date: -
Last modification time: 2018-12-18 16:30:47 +0000
Supported architecture(s): mipsle
Supported platform(s): All
Target service / protocol: -
Target network port(s): -
List of CVEs: -
Mips Web server exploit friendly xor encoder. This encoder has been found useful on situations where '&' (0x26) is a badchar. Since 0x26 is the xor's opcode on MIPS architectures, this one is based on the xori instruction.
Module Ranking and Traits
Module Ranking:
- normal: The exploit is otherwise reliable, but depends on a specific version and can't (or doesn't) reliably autodetect. More information about ranking can be found here.
Basic Usage
msf > use encoder/mipsle/byte_xori
msf encoder(byte_xori) > show targets
... a list of targets ...
msf encoder(byte_xori) > set TARGET target-id
msf encoder(byte_xori) > show options
... show and set options ...
msf encoder(byte_xori) > exploit
Go back to menu.
Msfconsole Usage
Here is how the encoder/mipsle/byte_xori module looks in the msfconsole:
msf6 > use encoder/mipsle/byte_xori
msf6 encoder(mipsle/byte_xori) > show info
Name: Byte XORi Encoder
Module: encoder/mipsle/byte_xori
Platform: All
Arch: mipsle
Rank: Normal
Provided by:
Julien Tinnes <[email protected]>
juan vazquez <[email protected]>
Pedro Ribeiro <[email protected]>
Description:
Mips Web server exploit friendly xor encoder. This encoder has been
found useful on situations where '&' (0x26) is a badchar. Since 0x26
is the xor's opcode on MIPS architectures, this one is based on the
xori instruction.
Module Options
This is a complete list of options available in the encoder/mipsle/byte_xori module:
msf6 encoder(mipsle/byte_xori) > show options
Module options (encoder/mipsle/byte_xori):
Name Current Setting Required Description
---- --------------- -------- -----------
Advanced Options
Here is a complete list of advanced options supported by the encoder/mipsle/byte_xori module:
msf6 encoder(mipsle/byte_xori) > show advanced
Module advanced options (encoder/mipsle/byte_xori):
Name Current Setting Required Description
---- --------------- -------- -----------
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
Go back to menu.
Error Messages
This module may fail with the following error messages:
Check for the possible causes from the code snippets below found in the module source code. This can often times help in identifying the root cause of the problem.
The payload being encoded is too long (<STATE.BUF.LENGTH> bytes)
Here is a relevant code snippet related to the "The payload being encoded is too long (<STATE.BUF.LENGTH> bytes)" error message:
39: def decoder_stub(state)
40:
41: # add 4 number of passes for the space reserved for the key, at the end of the decoder stub
42: # (see commented source)
43: number_of_passes=state.buf.length+4
44: raise EncodingError.new("The payload being encoded is too long (#{state.buf.length} bytes)") if number_of_passes > 32766
45:
46: # 16-bits not (again, see also commented source)
47: reg_14 = (number_of_passes+1)^0xFFFF
48: reg_5 = state.buf.length^0xFFFF
49:
Go back to menu.
Related Pull Requests
- #11141 Merged Pull Request: Fix byte_xori encoder
- #8716 Merged Pull Request: Print_Status -> Print_Good (And OCD bits 'n bobs)
- #8338 Merged Pull Request: Fix msf/core and self.class msftidy warnings
- #6655 Merged Pull Request: use MetasploitModule as a class name
- #6648 Merged Pull Request: Change metasploit class names
- #5374 Merged Pull Request: Implements msfvenom --smallest
- #2849 Merged Pull Request: Fix MIPS encoder architecture
- #2601 Merged Pull Request: Add Mipsle xori byte encoder
Go back to menu.
See Also
Check also the following modules related to this module:
- encoder/mipsle/longxor
- encoder/mipsbe/byte_xori
- encoder/mipsbe/longxor
- encoder/ppc/longxor
- encoder/ppc/longxor_tag
- encoder/sparc/longxor_tag
- encoder/x64/xor
- encoder/x64/xor_context
- encoder/x64/xor_dynamic
- encoder/x86/bloxor
- encoder/x86/call4_dword_xor
- encoder/x86/xor_dynamic
Authors
- Julien Tinnes <julien[at]cr0.org>
- juan vazquez
- Pedro Ribeiro <[email protected]>
Version
This page has been produced using Metasploit Framework version 6.1.24-dev. For more modules, visit the Metasploit Module Library.
Go back to menu.