[framework] DCE/RPC in Metasploit

Brian Caswell bmc at shmoo.com
Sun Dec 17 17:39:20 CST 2006

On Dec 15, 2006, at 5:53 PM, Krpata, Tyler wrote:
> It's probably partly your code that I, err, "borrowed" then... :)


	NDR.long(8) + NDR.long(0) + NDR.long(8) + "\\\x00\\\x00P\x00W\x00N 

Equiv to:


BTW, this is bad form; it's trivial for lame IDS signature writers to trigger off of and claim they provide protection.


  	NDR.long(payload.length/2) + NDR.long(0) + NDR.long(payload.length/2) + payload

Is equiv to:


The bit you commented "not sure what this does" is for handling the "did I exploit the box" conditions for one of the DCERPC exploits. You should replace that chunk of code with what the service returns on success or failure of your exploit.
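The two fragments above are both NDR conformant-varying wide strings: a maximum count, an offset of 0, an actual count (all in 16-bit characters, not bytes), then the UTF-16LE data padded to a 4-byte boundary. The following Ruby is an added illustration of that layout, not code from this post or from Metasploit's own NDR module; the names ndr_long, ndr_align, ndr_wstring, parse_ndr_wstring and handrolled are invented here, and the sample string "\\PWN" is constructed rather than taken from the exploit being discussed. The decoder is the defender-side half: it checks the header counts against the data actually present, which is exactly where a byte-matching IDS signature for a fixed string falls down.

```ruby
# Added example, not from the post or from Metasploit: a minimal encoder and
# decoder for the NDR conformant-varying wide-string layout described above.

# Pack a 32-bit little-endian unsigned integer (what an NDR "long" is on the wire).
def ndr_long(value)
  [value].pack('V')
end

# Pad a byte string to a 4-byte boundary with NUL bytes (NDR alignment).
def ndr_align(bytes)
  bytes + ("\x00" * ((4 - bytes.bytesize % 4) % 4)).b
end

# Encode a Ruby string as an NDR conformant-varying wide string:
#   max count | offset (0) | actual count | UTF-16LE chars incl. NUL | alignment pad
# Counts are in 16-bit characters, so they are byte length / 2.
def ndr_wstring(str)
  utf16 = (str + "\x00").encode('UTF-16LE').force_encoding('BINARY')
  chars = utf16.bytesize / 2
  ndr_long(chars) + ndr_long(0) + ndr_long(chars) + ndr_align(utf16)
end

# The hand-rolled form from the mail, given a payload that is already UTF-16LE
# (with its trailing NUL). Produces the same bytes as ndr_wstring on the
# equivalent plain string.
def handrolled(payload)
  ndr_long(payload.bytesize / 2) + ndr_long(0) + ndr_long(payload.bytesize / 2) + payload
end

# Decode the structure back into a Ruby string. Returns nil instead of raising
# when the header is inconsistent with the bytes present (offset not zero,
# actual count larger than max count, or fewer data bytes than the count
# claims), so a caller can treat it as a protocol error rather than trusting
# attacker-controlled lengths.
def parse_ndr_wstring(bytes)
  return nil if bytes.bytesize < 12
  max_count, offset, actual_count = bytes.unpack('V3')
  return nil unless offset == 0 && actual_count <= max_count
  data_len = actual_count * 2
  return nil if bytes.bytesize < 12 + data_len
  data = bytes.byteslice(12, data_len).force_encoding('UTF-16LE')
  data.encode('UTF-8', invalid: :replace, undef: :replace).chomp("\x00")
end

if __FILE__ == $0
  sample = "\\\\PWN"  # constructed sample, not the string from the exploit
  payload = (sample + "\x00").encode('UTF-16LE').force_encoding('BINARY')
  puts handrolled(payload) == ndr_wstring(sample)   # true
  puts parse_ndr_wstring(ndr_wstring(sample))       # \\PWN
end
```

Because the counts are sent in characters, a string of odd character length (for example "ab" plus its NUL) occupies 6 data bytes but is padded to 8 on the wire; the decoder ignores that padding, and the encoder adds it, so the two stay in step.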

