Fixes #3466 by detecting a second null handle and breaking the loop (happens with likewise servers)
git-svn-id: file:///home/svn/framework3/trunk@11508 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
8e664b2d41
commit
e776697f38
|
@ -96,7 +96,10 @@ module Exploit::Remote::DCERPC_EPM
|
|||
# NULL handle to start with
|
||||
data = [0, 0, 0, 0, 0, 0, 0, 0, 0, 1].pack("V*")
|
||||
else
|
||||
# Use the existing handle
|
||||
# Break the loop early if we get another NULL handle
|
||||
break if hnd == [0, 0, 0, 0, 1].pack("V*")
|
||||
|
||||
# Use the existing handle if we already have one
|
||||
data = [0, 0, 0, 0, 0].pack("V*") + hnd
|
||||
end
|
||||
|
||||
|
@ -203,6 +206,9 @@ module Exploit::Remote::DCERPC_EPM
|
|||
info[:host].gsub!("\x00", '') if info[:host]
|
||||
|
||||
res << info
|
||||
|
||||
# Handle a buggy response from a Likewise server that can result in a loop otherwise
|
||||
break if hnd == [0, 0, 0, 0, 0, 0, 0, 0, 0, 1].pack("V*")
|
||||
end
|
||||
|
||||
rescue ::Interrupt
|
||||
|
|
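Review bot: The two new `break` guards compare `hnd` against strings of different lengths, so for any given handle size at most one of them can ever match: the guard in the `else` branch uses `[0, 0, 0, 0, 1].pack("V*")` (20 bytes), while the one after `res << info` uses `[0, 0, 0, 0, 0, 0, 0, 0, 0, 1].pack("V*")` (40 bytes). The request built as `[0, 0, 0, 0, 0].pack("V*") + hnd` suggests the handle is the 20-byte form, in which case the second guard appears to compare against the whole NULL-handle request and never fires. The assignment of `hnd` is outside the visible hunks, so this needs confirming. I would use one shared value in both places, e.g. `break if hnd == [0, 0, 0, 0, 1].pack("V*")`, ideally held in a named constant. Termination still depends entirely on what the remote server returns, so the enclosing loop (which starts and ends outside these hunks) should also have an upper bound on iterations, so that a misbehaving endpoint mapper cannot keep the client enumerating indefinitely.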