metasploit-framework/spec/file_fixtures/modules/exploits/existing_auto_target.rb

75 lines
2.8 KiB
Ruby

require 'msf/core'
class MetasploitModule < Msf::Exploit::Remote
include Exploit::Remote::Tcp
Rank = ManualRanking
def initialize(info = {})
super(update_info(info,
'Name' => 'Exploit With Existing Automatic Target',
'Description' => %q{ This module is a test bed for automatic targeting when there is already an auto target. },
'Author' => [ 'thelightcosine' ],
'License' => MSF_LICENSE,
'Privileged' => true,
'DefaultOptions' =>
{
'WfsDelay' => 10,
'EXITFUNC' => 'thread'
},
'Payload' =>
{
'Space' => 3072,
'DisableNops' => true
},
'Platform' => 'win',
'Arch' => [ARCH_X86, ARCH_X64],
'Targets' =>
[
['Automatic Targeting', { 'auto' => true }],
['Windows 2000 Universal',
{
'Ret' => 0x001f1cb0,
'Scratch' => 0x00020408,
}
], # JMP EDI SVCHOST.EXE
#
# Standard return-to-ESI without NX bypass
# Warning: DO NOT CHANGE THE OFFSET OF THIS TARGET
#
['Windows XP SP0/SP1 Universal',
{
'Ret' => 0x01001361,
'Scratch' => 0x00020408,
}
], # JMP ESI SVCHOST.EXE
# Standard return-to-ESI without NX bypass
['Windows 2003 SP0 Universal',
{
'Ret' => 0x0100129e,
'Scratch' => 0x00020408,
}
], # JMP ESI SVCHOST.EXE
# Metasploit's NX bypass for XP SP2/SP3
['Windows XP SP3 English (NX)',
{
'Ret' => 0x6f88f807,
'DisableNX' => 0x6f8917c2,
'Scratch' => 0x00020408
}
]
],
'DisclosureDate' => 'Jan 01 1999'
))
end
def exploit
print_status("This exploit doesn't actually do anything")
end
end