Encoders

Encoders are used to avoid detection of a payload when it gets delivered to the target system or application. To view a list of encoders in Metasploit, we can use the following command:

Show encoders  

The most well-known encoder is x86/shikata_ga_nai. This is a polymorphic XOR additive feedback encoder, which means that it generates a different output every time. It was the hardest to detect when it first came out, and it is still pretty handy when used with multiple iterations. However, iterations must be used carefully and always tested first as they may not work as expected, and after every iteration the size of the payload increases.

We will also look at some encoders in later chapters.