require 'msf/core'

# Test fixture for automatic-target handling: the target list already starts
# with an entry flagged 'auto' => true, so code that adds or detects an
# automatic target can be checked against a module that ships its own.
#
# The #exploit method only prints a status line. The 'Ret', 'Scratch' and
# 'DisableNX' values are carried as target metadata; nothing in this class
# reads them.
class MetasploitModule < Msf::Exploit::Remote
  include Exploit::Remote::Tcp

  Rank = ManualRanking

  # Builds the module metadata and hands it to the framework.
  #
  # @param info [Hash] metadata supplied by the caller; merged with this
  #   module's values through update_info.
  def initialize(info = {})
    # Every concrete target below uses the same scratch value.
    scratch = 0x00020408

    default_options = { 'WfsDelay' => 10, 'EXITFUNC' => 'thread' }
    payload_limits  = { 'Space' => 3072, 'DisableNops' => true }

    # Order matters: the pre-existing automatic target stays first, followed
    # by the concrete targets in their original sequence.
    target_list = [
      ['Automatic Targeting', { 'auto' => true }],

      # JMP EDI SVCHOST.EXE
      ['Windows 2000 Universal', { 'Ret' => 0x001f1cb0, 'Scratch' => scratch }],

      # Standard return-to-ESI without NX bypass (JMP ESI SVCHOST.EXE)
      # Warning: DO NOT CHANGE THE OFFSET OF THIS TARGET
      ['Windows XP SP0/SP1 Universal', { 'Ret' => 0x01001361, 'Scratch' => scratch }],

      # Standard return-to-ESI without NX bypass (JMP ESI SVCHOST.EXE)
      ['Windows 2003 SP0 Universal', { 'Ret' => 0x0100129e, 'Scratch' => scratch }],

      # Metasploit's NX bypass for XP SP2/SP3
      ['Windows XP SP3 English (NX)',
       { 'Ret' => 0x6f88f807, 'DisableNX' => 0x6f8917c2, 'Scratch' => scratch }]
    ]

    super(
      update_info(
        info,
        'Name'           => 'Exploit With Existing Automatic Target',
        'Description'    => %q{ This module is a test bed for automatic targeting when there is already an auto target. },
        'Author'         => ['thelightcosine'],
        'License'        => MSF_LICENSE,
        'Privileged'     => true,
        'DefaultOptions' => default_options,
        'Payload'        => payload_limits,
        'Platform'       => 'win',
        'Arch'           => [ARCH_X86, ARCH_X64],
        'Targets'        => target_list,
        'DisclosureDate' => 'Jan 01 1999'
      )
    )
  end

  # Placeholder entry point: reports that the fixture performs no action.
  # No connection is opened and no target data is consulted here.
  def exploit
    print_status("This exploit doesn't actually do anything")
  end
end