Land #6954, Fix the available size of payload for exploit/.../payload_inject
commit
e29d5b9efe
|
@ -30,7 +30,7 @@ module Payload::Linux::BindTcp
|
|||
}
|
||||
|
||||
# Generate the more advanced stager if we have the space
|
||||
unless self.available_space.nil? || required_space > self.available_space
|
||||
if self.available_space && required_space < self.available_space
|
||||
conf[:exitfunk] = datastore['EXITFUNC'],
|
||||
conf[:reliable] = true
|
||||
end
|
||||
|
|
|
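Review bot: The context line `conf[:exitfunk] = datastore['EXITFUNC'],` ends in a comma, so Ruby reads it together with the following line as one multiple-value assignment and `conf[:exitfunk]` receives an array (`[datastore['EXITFUNC'], true]`) rather than the EXITFUNC string. The commit rewrites the guard above it but leaves this line untouched here and in the Windows::BindTcp, Windows::BindTcpRc4 and Windows::BindTcp_x64 hunks; the reverse stagers on this page do not have the comma. Drop it so the line reads `conf[:exitfunk] = datastore['EXITFUNC']`. How `conf[:exitfunk]` is consumed is outside the hunk, so the visible effect of the array value should be confirmed there.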
@ -33,7 +33,7 @@ module Payload::Linux::ReverseTcp
|
|||
}
|
||||
|
||||
# Generate the advanced stager if we have space
|
||||
unless self.available_space.nil? || required_space > self.available_space
|
||||
if self.available_space && required_space < self.available_space
|
||||
conf[:exitfunk] = datastore['EXITFUNC']
|
||||
conf[:reliable] = true
|
||||
end
|
||||
|
|
|
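Review bot: The rewritten guard moves the boundary. Assuming the `if` line is the new side (the page prints both versions without +/- markers), `required_space < self.available_space` now skips the extended options when the stager fits exactly, whereas `unless ... required_space > self.available_space` accepted an exact fit. Both forms skip the block when `available_space` is nil, so the equality case is the only behaviour change. If an exact fit is meant to be allowed, write `if self.available_space && required_space <= self.available_space`; otherwise add a comment saying why a byte of slack is required. The same condition is repeated in every stager hunk on this page.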
@ -34,7 +34,7 @@ module Payload::Windows::BindTcp
|
|||
}
|
||||
|
||||
# Generate the more advanced stager if we have the space
|
||||
unless self.available_space.nil? || required_space > self.available_space
|
||||
if self.available_space && required_space < self.available_space
|
||||
conf[:exitfunk] = datastore['EXITFUNC'],
|
||||
conf[:reliable] = true
|
||||
end
|
||||
|
|
|
@ -32,7 +32,7 @@ module Payload::Windows::BindTcpRc4
|
|||
}
|
||||
|
||||
# Generate the more advanced stager if we have the space
|
||||
unless self.available_space.nil? || required_space > self.available_space
|
||||
if self.available_space && required_space < self.available_space
|
||||
conf[:exitfunk] = datastore['EXITFUNC'],
|
||||
conf[:reliable] = true
|
||||
end
|
||||
|
|
|
@ -50,7 +50,7 @@ module Payload::Windows::ReverseHttp
|
|||
}
|
||||
|
||||
# Add extra options if we have enough space
|
||||
unless self.available_space.nil? || required_space > self.available_space
|
||||
if self.available_space && required_space < self.available_space
|
||||
conf[:url] = luri + generate_uri
|
||||
conf[:exitfunk] = datastore['EXITFUNC']
|
||||
conf[:ua] = datastore['MeterpreterUserAgent']
|
||||
|
|
|
@ -34,7 +34,7 @@ module Payload::Windows::ReverseTcp
|
|||
}
|
||||
|
||||
# Generate the advanced stager if we have space
|
||||
unless self.available_space.nil? || required_space > self.available_space
|
||||
if self.available_space && required_space < self.available_space
|
||||
conf[:exitfunk] = datastore['EXITFUNC']
|
||||
conf[:reliable] = true
|
||||
end
|
||||
|
|
|
@ -38,7 +38,7 @@ module Payload::Windows::ReverseTcpDns
|
|||
}
|
||||
|
||||
# Generate the advanced stager if we have space
|
||||
unless self.available_space.nil? || required_space > self.available_space
|
||||
if self.available_space && required_space < self.available_space
|
||||
conf[:exitfunk] = datastore['EXITFUNC']
|
||||
conf[:reliable] = true
|
||||
end
|
||||
|
|
|
@ -34,7 +34,7 @@ module Payload::Windows::ReverseTcpRc4
|
|||
}
|
||||
|
||||
# Generate the advanced stager if we have space
|
||||
unless self.available_space.nil? || required_space > self.available_space
|
||||
if self.available_space && required_space < self.available_space
|
||||
conf[:exitfunk] = datastore['EXITFUNC']
|
||||
conf[:reliable] = true
|
||||
end
|
||||
|
|
|
@ -34,7 +34,7 @@ module Payload::Windows::ReverseTcpRc4Dns
|
|||
}
|
||||
|
||||
# Generate the advanced stager if we have space
|
||||
unless self.available_space.nil? || required_space > self.available_space
|
||||
if self.available_space && required_space < self.available_space
|
||||
conf[:exitfunk] = datastore['EXITFUNC']
|
||||
conf[:reliable] = true
|
||||
end
|
||||
|
|
|
@ -36,7 +36,7 @@ module Payload::Windows::ReverseWinHttp
|
|||
}
|
||||
|
||||
# Add extra options if we have enough space
|
||||
unless self.available_space.nil? || required_space > self.available_space
|
||||
if self.available_space && required_space < self.available_space
|
||||
conf[:uri] = generate_uri
|
||||
conf[:exitfunk] = datastore['EXITFUNC']
|
||||
conf[:verify_cert_hash] = opts[:verify_cert_hash]
|
||||
|
|
|
@ -32,7 +32,7 @@ module Payload::Windows::BindTcp_x64
|
|||
}
|
||||
|
||||
# Generate the more advanced stager if we have the space
|
||||
unless self.available_space.nil? || required_space > self.available_space
|
||||
if self.available_space && required_space < self.available_space
|
||||
conf[:exitfunk] = datastore['EXITFUNC'],
|
||||
conf[:reliable] = true
|
||||
end
|
||||
|
|
|
@ -54,7 +54,7 @@ module Payload::Windows::ReverseHttp_x64
|
|||
}
|
||||
|
||||
# add extended options if we do have enough space
|
||||
unless self.available_space.nil? || required_space > self.available_space
|
||||
if self.available_space && required_space < self.available_space
|
||||
conf[:url] = luri + generate_uri
|
||||
conf[:exitfunk] = datastore['EXITFUNC']
|
||||
conf[:ua] = datastore['MeterpreterUserAgent']
|
||||
|
|
|
@ -41,7 +41,7 @@ module Payload::Windows::ReverseTcp_x64
|
|||
}
|
||||
|
||||
# Generate the advanced stager if we have space
|
||||
unless self.available_space.nil? || required_space > self.available_space
|
||||
if self.available_space && required_space < self.available_space
|
||||
conf[:exitfunk] = datastore['EXITFUNC']
|
||||
conf[:reliable] = true
|
||||
end
|
||||
|
|
|
@ -37,7 +37,7 @@ module Payload::Windows::ReverseWinHttp_x64
|
|||
}
|
||||
|
||||
# Add extra options if we have enough space
|
||||
unless self.available_space.nil? || required_space > self.available_space
|
||||
if self.available_space && required_space < self.available_space
|
||||
conf[:uri] = generate_uri
|
||||
conf[:exitfunk] = datastore['EXITFUNC']
|
||||
conf[:verify_cert_hash] = opts[:verify_cert_hash]
|
||||
|
|
|
@ -14,24 +14,29 @@ class MetasploitModule < Msf::Exploit::Local
|
|||
|
||||
def initialize(info={})
|
||||
super( update_info( info,
|
||||
'Name' => 'Windows Manage Memory Payload Injection',
|
||||
'Description' => %q{
|
||||
'Name' => 'Windows Manage Memory Payload Injection',
|
||||
'Description' => %q{
|
||||
This module will inject a payload into memory of a process. If a payload
|
||||
isn't selected, then it'll default to a reverse x86 TCP meterpreter. If the PID
|
||||
datastore option isn't specified, then it'll inject into notepad.exe instead.
|
||||
},
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' =>
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' =>
|
||||
[
|
||||
'Carlos Perez <carlos_perez[at]darkoperator.com>',
|
||||
'sinn3r'
|
||||
],
|
||||
'Platform' => [ 'win' ],
|
||||
'Arch' => [ ARCH_X86, ARCH_X86_64 ],
|
||||
'SessionTypes' => [ 'meterpreter' ],
|
||||
'Targets' => [ [ 'Windows', {} ] ],
|
||||
'DefaultTarget' => 0,
|
||||
'DisclosureDate'=> "Oct 12 2011"
|
||||
'Platform' => [ 'win' ],
|
||||
'Arch' => [ ARCH_X86, ARCH_X86_64 ],
|
||||
'SessionTypes' => [ 'meterpreter' ],
|
||||
'Targets' => [ [ 'Windows', {} ] ],
|
||||
'Payload' =>
|
||||
{
|
||||
'Space' => 4096,
|
||||
'DisableNops' => true
|
||||
},
|
||||
'DefaultTarget' => 0,
|
||||
'DisclosureDate' => "Oct 12 2011"
|
||||
))
|
||||
|
||||
register_options(
|
||||
|
|
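Review bot: `'Space' => 4096` is added as a bare constant with nothing saying what bounds it. Declaring it presumably gives the stager mixins above a non-nil `available_space`, so this number now decides which stager variant is generated. Add a comment on the `'Payload'` hash such as `# Upper bound for the generated payload; keep in sync with the buffer this module reserves for it`, and confirm the value against the allocation code, which is not visible on this page. `initialize` continues past the end of the hunk.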