infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Land #4791, fix ms14-070 CreateFile arguments 

The arguments to CreateFileA used to require that the user had
some level of access on the \\.\tcp device.
bug/bundler_fix
Spencer McIntyre 2015-02-18 17:15:45 -05:00
parent 1099084fb0 e40772efe2
commit fe840635e5
No known key found for this signature in database
GPG Key ID: C00D6B6AA5E15412
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
modules/exploits/windows/local/ms14_070_tcpip_ioctl.rb
View File

@ -68,7 +68,7 @@ class Metasploit3 < Msf::Exploit::Local
return Exploit::CheckCode::Safe return Exploit::CheckCode::Safe
end end
handle = open_device('\\\\.\\tcp', 'FILE_SHARE_WRITE|FILE_SHARE_READ', 0, 'OPEN_EXISTING') handle = open_device('\\\\.\\tcp', 0, 'FILE_SHARE_READ', 'OPEN_EXISTING')
return Exploit::CheckCode::Safe unless handle return Exploit::CheckCode::Safe unless handle
session.railgun.kernel32.CloseHandle(handle) session.railgun.kernel32.CloseHandle(handle)
@ -103,7 +103,7 @@ class Metasploit3 < Msf::Exploit::Local
fail_with(Exploit::Failure::NotVulnerable, "Exploit not available on this system") fail_with(Exploit::Failure::NotVulnerable, "Exploit not available on this system")
end end
handle = open_device('\\\\.\\tcp', 'FILE_SHARE_WRITE|FILE_SHARE_READ', 0, 'OPEN_EXISTING') handle = open_device('\\\\.\\tcp', 0, 'FILE_SHARE_READ', 'OPEN_EXISTING')
if handle.nil? if handle.nil?
fail_with(Failure::NoTarget, "Unable to open \\\\.\\tcp device") fail_with(Failure::NoTarget, "Unable to open \\\\.\\tcp device")
end end