Avoid underscore/tolower - Metasploit
This page contains detailed information about how to use the encoder/x86/avoid_underscore_tolower metasploit module. For list of all metasploit modules, visit the Metasploit Module Library.
Module Overview
Name: Avoid underscore/tolower
Module: encoder/x86/avoid_underscore_tolower
Source code: modules/encoders/x86/avoid_underscore_tolower.rb
Disclosure date: -
Last modification time: 2017-07-24 06:26:21 +0000
Supported architecture(s): x86
Supported platform(s): All
Target service / protocol: -
Target network port(s): -
List of CVEs: CVE-2012-2329
Underscore/tolower Safe Encoder used to exploit CVE-2012-2329. It is a modified version of the 'Avoid UTF8/tolower' encoder by skape. Please check the documentation of the skape encoder before using it. As the original, this encoder expects ECX pointing to the start of the encoded payload. Also BufferOffset must be provided if needed. The changes introduced are (1) avoid the use of the 0x5f byte (underscore) in because it is a badchar in the CVE-2012-2329 case and (2) optimize the transformation block, having into account more relaxed conditions about bad characters greater than 0x80.
Module Ranking and Traits
Module Ranking:
- manual: The exploit is unstable or difficult to exploit and is basically a DoS. This ranking is also used when the module has no use unless specifically configured by the user (e.g.: exploit/windows/smb/psexec). More information about ranking can be found here.
Basic Usage
msf > use encoder/x86/avoid_underscore_tolower
msf encoder(avoid_underscore_tolower) > show targets
... a list of targets ...
msf encoder(avoid_underscore_tolower) > set TARGET target-id
msf encoder(avoid_underscore_tolower) > show options
... show and set options ...
msf encoder(avoid_underscore_tolower) > exploit
Go back to menu.
Msfconsole Usage
Here is how the encoder/x86/avoid_underscore_tolower module looks in the msfconsole:
msf6 > use encoder/x86/avoid_underscore_tolower
msf6 encoder(x86/avoid_underscore_tolower) > show info
Name: Avoid underscore/tolower
Module: encoder/x86/avoid_underscore_tolower
Platform: All
Arch: x86
Rank: Manual
Provided by:
skape <[email protected]>
juan vazquez <[email protected]>
Description:
Underscore/tolower Safe Encoder used to exploit CVE-2012-2329. It is
a modified version of the 'Avoid UTF8/tolower' encoder by skape.
Please check the documentation of the skape encoder before using it.
As the original, this encoder expects ECX pointing to the start of
the encoded payload. Also BufferOffset must be provided if needed.
The changes introduced are (1) avoid the use of the 0x5f byte
(underscore) in because it is a badchar in the CVE-2012-2329 case
and (2) optimize the transformation block, having into account more
relaxed conditions about bad characters greater than 0x80.
Module Options
This is a complete list of options available in the encoder/x86/avoid_underscore_tolower module:
msf6 encoder(x86/avoid_underscore_tolower) > show options
Module options (encoder/x86/avoid_underscore_tolower):
Name Current Setting Required Description
---- --------------- -------- -----------
Advanced Options
Here is a complete list of advanced options supported by the encoder/x86/avoid_underscore_tolower module:
msf6 encoder(x86/avoid_underscore_tolower) > show advanced
Module advanced options (encoder/x86/avoid_underscore_tolower):
Name Current Setting Required Description
---- --------------- -------- -----------
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
Go back to menu.
Related Pull Requests
- #8716 Merged Pull Request: Print_Status -> Print_Good (And OCD bits 'n bobs)
- #8338 Merged Pull Request: Fix msf/core and self.class msftidy warnings
- #6655 Merged Pull Request: use MetasploitModule as a class name
- #6648 Merged Pull Request: Change metasploit class names
- #2525 Merged Pull Request: Change module boilerplate
- #1241 Merged Pull Request: Removed all $Id$ and $Revision$ occurences
- #487 Merged Pull Request: Added module plus encoder for CVE-2012-2329
Go back to menu.
See Also
Check also the following modules related to this module:
- encoder/x86/add_sub
- encoder/x86/alpha_mixed
- encoder/x86/alpha_upper
- encoder/x86/avoid_utf8_tolower
- encoder/x86/bloxor
- encoder/x86/bmp_polyglot
- encoder/x86/call4_dword_xor
- encoder/x86/context_cpuid
- encoder/x86/context_stat
- encoder/x86/context_time
- encoder/x86/countdown
- encoder/x86/fnstenv_mov
- encoder/x86/jmp_call_additive
- encoder/x86/nonalpha
- encoder/x86/nonupper
- encoder/x86/opt_sub
- encoder/x86/service
- encoder/x86/shikata_ga_nai
- encoder/x86/single_static_bit
- encoder/x86/unicode_mixed
- encoder/x86/unicode_upper
- encoder/x86/xor_dynamic
Related Nessus plugins:
- PHP 5.4.x < 5.4.3 Multiple Vulnerabilities
- FreeBSD : php -- multiple vulnerabilities (59b68b1e-9c78-11e1-b5e0-000c299b62e1)
- HP System Management Homepage < 7.2.1.0 Multiple Vulnerabilities (BEAST)
Authors
- skape
- juan vazquez
Version
This page has been produced using Metasploit Framework version 6.1.27-dev. For more modules, visit the Metasploit Module Library.
Go back to menu.