From eb4e3f8a324e2a4224faf04613fa3a8bfaf25948 Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Thu, 12 Dec 2013 07:39:19 -0600
Subject: [PATCH] Fix os detection

---
 modules/exploits/windows/local/ms_ndproxy.rb | 22 +++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/modules/exploits/windows/local/ms_ndproxy.rb b/modules/exploits/windows/local/ms_ndproxy.rb
index 0262562888..d34a7d2406 100644
--- a/modules/exploits/windows/local/ms_ndproxy.rb
+++ b/modules/exploits/windows/local/ms_ndproxy.rb
@@ -287,18 +287,26 @@ class Metasploit3 < Msf::Exploit::Local
       return Exploit::CheckCode::Detected
     end
 
-    os = sysinfo["OS"]
-    unless os =~ /windows xp/i or os =~ /[2003|.net server].*service pack 2/i
-      return Exploit::CheckCode::Safe
-    end
-
     handle = open_device("\\\\.\\NDProxy")
     if handle.nil?
       return Exploit::CheckCode::Safe
     end
     session.railgun.kernel32.CloseHandle(handle)
 
-    return Exploit::CheckCode::Appears
+    os = sysinfo["OS"]
+    case os
+    when /windows xp.*service pack 3/i
+      return Exploit::CheckCode::Appears
+    when /[2003|.net server].*service pack 2/i
+      return Exploit::CheckCode::Appears
+    when /windows xp/i
+      return Exploit::CheckCode::Detected
+    when /[2003|.net server]/i
+      return Exploit::CheckCode::Detected
+    else
+      return Exploit::CheckCode::Safe
+    end
+
   end
 
   def exploit
@@ -316,7 +324,7 @@ class Metasploit3 < Msf::Exploit::Local
     if target.name =~ /Automatic/
       print_status("Detecting the target system...")
       os = sysinfo["OS"]
-      if os =~ /windows xp/i
+      if os =~ /windows xp.*service pack 3/i
         my_target = targets[1]
         print_status("Running against #{my_target.name}")
       elsif ((os =~ /2003/) and (os =~ /service pack 2/i))