From 3783e27fc744ea014fe39af727f3d9ca3036ae87 Mon Sep 17 00:00:00 2001 From: HD Moore Date: Sun, 8 Jan 2006 14:27:59 +0000 Subject: [PATCH] Fixed handler/disconnect order in FTP, fixes to metafile git-svn-id: file:///home/svn/incoming/trunk@3348 4d416f70-5f16-0410-b530-b9f4589650da --- .../exploits/windows/browser/ms06_001_wmf_setabortproc.rb | 8 ++++---- modules/exploits/windows/ftp/3cdaemon_ftp_user.rb | 2 +- modules/exploits/windows/ftp/freeftpd_user.rb | 3 +-- modules/exploits/windows/ftp/globalscapeftp_input.rb | 2 +- modules/exploits/windows/ftp/netterm_netftpd_user.rb | 3 +-- modules/exploits/windows/ftp/oracle9i_xdb_ftp_pass.rb | 2 +- modules/exploits/windows/ftp/oracle9i_xdb_ftp_unlock.rb | 2 +- modules/exploits/windows/ftp/servu_mdtm.rb | 2 +- modules/exploits/windows/ftp/slimftpd_list_concat.rb | 2 +- modules/exploits/windows/ftp/warftpd_165_user.rb | 2 +- modules/exploits/windows/ftp/wsftp_server_503_mkd.rb | 4 ++-- 11 files changed, 15 insertions(+), 17 deletions(-) diff --git a/modules/exploits/windows/browser/ms06_001_wmf_setabortproc.rb b/modules/exploits/windows/browser/ms06_001_wmf_setabortproc.rb index a6a04d9656..904ec0fb1c 100644 --- a/modules/exploits/windows/browser/ms06_001_wmf_setabortproc.rb +++ b/modules/exploits/windows/browser/ms06_001_wmf_setabortproc.rb @@ -65,13 +65,13 @@ class Exploits::Windows::Browser::MS06_001_WMF_SETABORTPROC < Msf::Exploit::Remo def on_request_uri(cli, request) - ext = 'emf' + ext = 'tiff' - if (not request.uri.match(/\.emf$/i)) + if (not request.uri.match(/\.tiff$/i)) html = - "One second please..." send_response(cli, html) return diff --git a/modules/exploits/windows/ftp/3cdaemon_ftp_user.rb b/modules/exploits/windows/ftp/3cdaemon_ftp_user.rb index 951927f9f1..22815faf03 100644 --- a/modules/exploits/windows/ftp/3cdaemon_ftp_user.rb +++ b/modules/exploits/windows/ftp/3cdaemon_ftp_user.rb @@ -87,8 +87,8 @@ class Exploits::Windows::Ftp::ThreeCeeDaemonFTPUserOverflow < Msf::Exploit::Remo send_cmd( ['USER', buf] , false ) - disconnect handler + disconnect end end diff --git a/modules/exploits/windows/ftp/freeftpd_user.rb b/modules/exploits/windows/ftp/freeftpd_user.rb index fa0ef3a87e..c2a2b3c364 100644 --- a/modules/exploits/windows/ftp/freeftpd_user.rb +++ b/modules/exploits/windows/ftp/freeftpd_user.rb @@ -83,9 +83,8 @@ class Exploits::Windows::Ftp::FreeFTPDUserOverflow < Msf::Exploit::Remote send_cmd( ['USER', buf] , false) - disconnect - handler + disconnect end end diff --git a/modules/exploits/windows/ftp/globalscapeftp_input.rb b/modules/exploits/windows/ftp/globalscapeftp_input.rb index 2d5c9f9f41..1b2fb342ff 100644 --- a/modules/exploits/windows/ftp/globalscapeftp_input.rb +++ b/modules/exploits/windows/ftp/globalscapeftp_input.rb @@ -55,8 +55,8 @@ class Exploits::Windows::Ftp::GlobalScapeInputOverflow < Msf::Exploit::Remote send_cmd( [buf] ) - disconnect handler + disconnect end end diff --git a/modules/exploits/windows/ftp/netterm_netftpd_user.rb b/modules/exploits/windows/ftp/netterm_netftpd_user.rb index ce35c8aba9..f479f7664e 100644 --- a/modules/exploits/windows/ftp/netterm_netftpd_user.rb +++ b/modules/exploits/windows/ftp/netterm_netftpd_user.rb @@ -102,9 +102,8 @@ class Exploits::Windows::Ftp::NetTermNetFTPOverflow < Msf::Exploit::Remote send_cmd( ["USER #{buf}"] ) send_cmd( ['HELP'] ) - disconnect - handler + disconnect end end diff --git a/modules/exploits/windows/ftp/oracle9i_xdb_ftp_pass.rb b/modules/exploits/windows/ftp/oracle9i_xdb_ftp_pass.rb index b3d1b0dc85..b39094dca4 100644 --- a/modules/exploits/windows/ftp/oracle9i_xdb_ftp_pass.rb +++ b/modules/exploits/windows/ftp/oracle9i_xdb_ftp_pass.rb @@ -75,8 +75,8 @@ class Exploits::Windows::Ftp::Oracle9iXDPPassOverflow < Msf::Exploit::Remote send_cmd( ['USER', usr], true ) send_cmd( ['PASS', buf], false ) - disconnect handler + disconnect end end diff --git a/modules/exploits/windows/ftp/oracle9i_xdb_ftp_unlock.rb b/modules/exploits/windows/ftp/oracle9i_xdb_ftp_unlock.rb index 9ed08a3194..dcac0fe8df 100644 --- a/modules/exploits/windows/ftp/oracle9i_xdb_ftp_unlock.rb +++ b/modules/exploits/windows/ftp/oracle9i_xdb_ftp_unlock.rb @@ -74,8 +74,8 @@ class Exploits::Windows::Ftp::Oracle9iXDBUnlockOverflow < Msf::Exploit::Remote send_cmd( ['UNLOCK', '/', buf] , false ) - disconnect handler + disconnect end end diff --git a/modules/exploits/windows/ftp/servu_mdtm.rb b/modules/exploits/windows/ftp/servu_mdtm.rb index e75f02b981..ce86a5d9ca 100644 --- a/modules/exploits/windows/ftp/servu_mdtm.rb +++ b/modules/exploits/windows/ftp/servu_mdtm.rb @@ -176,8 +176,8 @@ class Exploits::Windows::Ftp::ServUMDTMOverflow < Msf::Exploit::Remote send_cmd( [buf], false ) - disconnect handler + disconnect end def double_ff? diff --git a/modules/exploits/windows/ftp/slimftpd_list_concat.rb b/modules/exploits/windows/ftp/slimftpd_list_concat.rb index de2f0fb7ed..14c76f371a 100644 --- a/modules/exploits/windows/ftp/slimftpd_list_concat.rb +++ b/modules/exploits/windows/ftp/slimftpd_list_concat.rb @@ -60,8 +60,8 @@ class Exploits::Windows::Ftp::SlimFTPdListConcatOverflow < Msf::Exploit::Remote send_cmd( ['CWD', '41414141'], true ); send_cmd( ['LIST', buf], false ) - disconnect handler + disconnect end end diff --git a/modules/exploits/windows/ftp/warftpd_165_user.rb b/modules/exploits/windows/ftp/warftpd_165_user.rb index 943e70737b..6de7e94e7c 100644 --- a/modules/exploits/windows/ftp/warftpd_165_user.rb +++ b/modules/exploits/windows/ftp/warftpd_165_user.rb @@ -74,9 +74,9 @@ class Exploits::Windows::Ftp::WarFtpd165 < Msf::Exploit::Remote send_cmd( ['USER', buf] , false ) - disconnect handler + disconnect end end diff --git a/modules/exploits/windows/ftp/wsftp_server_503_mkd.rb b/modules/exploits/windows/ftp/wsftp_server_503_mkd.rb index 365bd51409..c257dda85b 100644 --- a/modules/exploits/windows/ftp/wsftp_server_503_mkd.rb +++ b/modules/exploits/windows/ftp/wsftp_server_503_mkd.rb @@ -69,9 +69,9 @@ class Exploits::Windows::Ftp::WSFTPDMKDOverflow < Msf::Exploit::Remote buf[524, payload.encoded.length] = payload.encoded send_cmd( ['MKD', buf], true ); - + + handler disconnect - handler end end