Use Rex::Proto::DCERPC::Response

wvu · wvu · commit 6e253a5be71b · 2017-05-29T21:58:03.000-05:00
diff --git a/modules/exploits/windows/smb/ms17_010_eternalblue.rb b/modules/exploits/windows/smb/ms17_010_eternalblue.rb
@@ -257,8 +257,10 @@ def verify_arch
     return true if !datastore['VerifyArch']
 
     pkt = Rex::Proto::DCERPC::Packet.make_bind(
-      'e1af8308-5d1f-11c9-91a4-08002b14a0fa', '3.0', # Abstract Syntax: EPMv4 V3.0
-      '71710533-beba-4937-8319-b5dbef9ccc36', '1.0'  # Transfer Syntax[1]: 64bit NDR V1
+      # Abstract Syntax: EPMv4 V3.0
+      'e1af8308-5d1f-11c9-91a4-08002b14a0fa', '3.0',
+      # Transfer Syntax[1]: 64bit NDR V1
+      '71710533-beba-4937-8319-b5dbef9ccc36', '1.0'
     ).first
 
     sock = connect(false,
@@ -270,13 +272,24 @@ def verify_arch
     res = sock.get_once
     disconnect(sock)
 
-    return false if res.nil?
+    begin
+      resp = Rex::Proto::DCERPC::Response.new(res)
+    rescue Rex::Proto::DCERPC::Exceptions::InvalidPacket => e
+      print_error(e.to_s)
+      return false
+    end
 
     case target_arch.first
     when ARCH_X64
-      (ret = true) if res[36] == "\x00" # Ack result: Acceptance (0)
+      # Ack result: Acceptance (0)
+      if resp.ack_result.first == 0
+        ret = true
+      end
     when ARCH_X86
-      (ret = true) if res[36] != "\x00" # Ack result: Provider rejection (2)
+      # Ack result: Provider rejection (2)
+      if resp.ack_result.first != 0
+        ret = true
+      end
     end
 
     if ret
