Hey guys,

I've attached a patch to fix the initial banner grabbing in Exploit::Remote::Ftp. Currently get_once is called, but this isn't good enough for longer FTP banners. I switched it to simply get and it works fine. I found this while writing another module which I'll email soon.

The problem was that the FTP server responds with a multi-line banner, and since the get_once won't grab the entire thing, responses essentially get backed up. So, for example, connect_login gets confused when it reads a 220 in "response" to the username (when it's actually from the banner), and then reads a 331 (the actual response to the username) thinking it's in response to the password sent.

Thanks,
Kris Katterjohn
Index: lib/msf/core/exploit/ftp.rb =================================================================== --- lib/msf/core/exploit/ftp.rb (revision 5749) +++ lib/msf/core/exploit/ftp.rb (working copy) @@ -39,7 +39,7 @@ fd = super(global) # Wait for a banner to arrive... - self.banner = fd.get_once + self.banner = fd.get print_status("Connected to target FTP server.") if verbose
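Review bot: on the changed line `self.banner = fd.get`, the read carries no explicit timeout or end-of-banner condition, so whether the whole banner is consumed still depends on timing and on the defaults of `get`. A server that delivers a multi-line 220 banner in slow segments could leave trailing lines unread and reproduce the shifted replies described in the message. Consider reading until a line of the final-reply form (the three-digit code followed by a space, per RFC 959) instead of relying on the socket going quiet, and extend the comment "Wait for a banner to arrive..." to say that multi-line banners are expected.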
_______________________________________________
Framework-Hackers mailing list
Framework-Hackers@spool.metasploit.com
http://spool.metasploit.com/mailman/listinfo/framework-hackers
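The reply shift described in the message above, as an added example that is not part of the original post or of Metasploit's code: a reader that consumes one complete FTP reply (RFC 959 multi-line form) beside a reader that returns one line per call, both replayed over a constructed session. All function names and the sample session are assumptions, and the one-line reader is a simplified stand-in for a short socket read.

```ruby
require 'stringio'

# Constructed sample: server output for connect, USER and PASS, with a
# two-line banner. Not captured from a real server.
SAMPLE_SESSION = "220-Welcome to the example FTP service\r\n" \
                 "220 Ready\r\n" \
                 "331 Password required\r\n" \
                 "230 Logged in\r\n"

# Simplified stand-in for a single short read: returns one line per call.
def read_one_line(io)
  io.gets("\r\n")
end

# Reads one complete reply. "NNN-" opens a multi-line reply, which ends at
# the first line that starts with the same code followed by a space (RFC 959).
def read_full_reply(io)
  first = io.gets("\r\n")
  return nil if first.nil?
  opener = /\A(\d{3})-/.match(first)
  return first unless opener
  reply = first.dup
  while (line = io.gets("\r\n"))
    reply << line
    break if line.start_with?("#{opener[1]} ")
  end
  reply
end

# Replays the session and returns the reply code the client would attribute
# to each step when it uses the given reader (hypothetical helper).
def login_codes(reader)
  io = StringIO.new(SAMPLE_SESSION)
  %i[banner user pass].to_h do |step|
    reply = send(reader, io)
    [step, reply && reply[0, 3]]
  end
end

if __FILE__ == $PROGRAM_NAME
  puts "one line per read: #{login_codes(:read_one_line)}"
  puts "full reply:        #{login_codes(:read_full_reply)}"
end
```

With the one-line reader the client sees 220 after USER and 331 after PASS, which is the confusion in connect_login that the message reports; the full-reply reader keeps each code aligned with its command.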