From 8afe6a906141c448f786cf23f24ad3dc6d7415dc Mon Sep 17 00:00:00 2001 From: wchen-r7 Date: Wed, 15 Mar 2017 16:14:41 -0500 Subject: [PATCH] Update easy_file_sharing_ftp and add documentation --- .../scanner/ftp/easy_file_sharing_ftp.md | 27 +++++++++++++++++++ .../scanner/ftp/easy_file_sharing_ftp.rb | 8 +++--- 2 files changed, 31 insertions(+), 4 deletions(-) create mode 100644 documentation/modules/auxiliary/scanner/ftp/easy_file_sharing_ftp.md diff --git a/documentation/modules/auxiliary/scanner/ftp/easy_file_sharing_ftp.md b/documentation/modules/auxiliary/scanner/ftp/easy_file_sharing_ftp.md new file mode 100644 index 0000000000..8899e1a7df --- /dev/null +++ b/documentation/modules/auxiliary/scanner/ftp/easy_file_sharing_ftp.md @@ -0,0 +1,27 @@ +This module exploits a directory traversal vulnerability in Easy File Sharing FTP Server 3.6, or +prior. It abuses the RETR command in FTP in order to retrieve a file outside the shared directory. + +By default, anonymous access is allowed by the FTP server. + +## Vulnerable Application + +Easy File Sharing FTP Server version 3.6 or prior should be affected. You can download the +vulnerable application from the official website: + +http://www.efssoft.com/efsfs.exe + +## Options + +Since the FTP server allows anonymous access, by default, you only need to configure: + +**RHOSTS** + +The FTP server IP address. + +**PATH** + +The file you wish to download. Assume this path starts from C:\ + +## Demonstration + +![ftp](https://cloud.githubusercontent.com/assets/1170914/23971054/4fdc2b08-099a-11e7-88ea-67a678628e49.gif) diff --git a/modules/auxiliary/scanner/ftp/easy_file_sharing_ftp.rb b/modules/auxiliary/scanner/ftp/easy_file_sharing_ftp.rb index edbb40b3de..f7bfed8ee1 100644 --- a/modules/auxiliary/scanner/ftp/easy_file_sharing_ftp.rb +++ b/modules/auxiliary/scanner/ftp/easy_file_sharing_ftp.rb @@ -13,7 +13,7 @@ class MetasploitModule < Msf::Auxiliary def initialize(info = {}) super(update_info(info, - 'Name' => 'Easy File Sharing FTP Server Version 3.6 and Earlier Directory Traversal Information Disclosure', + 'Name' => 'Easy File Sharing FTP Server 3.6 Directory Traversal', 'Description' => %q{ This module exploits a directory traversal vulnerability found in Easy File Sharing FTP Server Version 3.6 and Earlier. This vulnerability allows an attacker to download arbitrary files from the server by crafting @@ -43,7 +43,7 @@ class MetasploitModule < Msf::Auxiliary begin connect if /Easy File Sharing FTP Server/i === banner - return Exploit::CheckCode::Appears + return Exploit::CheckCode::Detected end ensure disconnect @@ -58,7 +58,7 @@ class MetasploitModule < Msf::Auxiliary connect_login sock = data_connect if sock.nil? - error_msg = __FILE__ <<'::'<< __method__.to_s << ':' << 'data_connect failed; posssible invalid response' + error_msg = 'data_connect failed; posssible invalid response' print_status(error_msg) elog(error_msg) else @@ -72,7 +72,7 @@ class MetasploitModule < Msf::Auxiliary # read the file data from the socket that we opened # dont assume theres still a sock to read from. Per #7582 if sock.nil? - error_msg = __FILE__ <<'::'<< __method__.to_s << ':' << 'data_connect failed; posssible invalid response' + error_msg = 'data_connect failed; posssible invalid response' print_status(error_msg) elog(error_msg) return