Allow FTP server exploits pick a PASV port

Tod Beardsley · Tod Beardsley · commit d8cf45ef67e1 · 2014-10-27T22:21:54.000-05:00
This makes it somewhat easier to use FTP server exploit modules in
somewhat more restrictive networks, where you might only have a few
inbound ports to choose from.
diff --git a/lib/msf/core/exploit/ftpserver.rb b/lib/msf/core/exploit/ftpserver.rb
@@ -22,7 +22,8 @@ def initialize(info = {})
     # Register the options that all FTP exploits may make use of.
     register_options(
       [
-        OptPort.new('SRVPORT',    [ true, "The local port to listen on.", 21 ])
+        OptPort.new('SRVPORT',    [ true, "The local port to listen on.", 21 ]),
+        OptPort.new('PASVPORT',   [ false, "The local PASV data port to listen on (0 is random)", 0 ])
       ], Msf::Exploit::Remote::FtpServer)
   end
 
@@ -172,7 +173,7 @@ def passive_data_port_for_client(c)
     if(not @state[c][:passive_sock])
       s = Rex::Socket::TcpServer.create(
         'LocalHost' => '0.0.0.0',
-        'LocalPort' => 0,
+        'LocalPort' => datastore['PASVPORT'].to_i,
         'Context'   => { 'Msf' => framework, 'MsfExploit' => self }
       )
 
