Re: [framework-hackers] [PATCH] Fix Exploit::Remote::Ftp handling for long banners

Tue, 14 Oct 2008 07:24:46 -0700 

Applied. Thanks!

Best regards,


On Tue, 2008-10-14 at 01:43 -0500, Kris Katterjohn wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hey guys,
> 
> I've attached a patch to fix the initial banner grabbing in 
> Exploit::Remote::Ftp.
> 
> Currently get_once is called, but this isn't good enough for longer FTP
> banners.  I switched it to simply get and it works fine.
> 
> I found this while writing another module which I'll email soon.  The problem
> was that the FTP server responds with a multi-line banner, and since the
> get_once won't grab the entire thing, responses essentially get backed up.
> 
> So, for example, connect_login gets confused when it reads a 220 in "response"
> to the username (when it's actually from the banner), and then reads a 331
> (the actual response to the username) thinking it's in response to the
> password sent.
> 
> Thanks,
> Kris Katterjohn
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iQIVAwUBSPQ/j/9K37xXYl36AQL17Q//d/Dv7PFVtPmlAyxBwl1ixtAJ7sqRWmrU
> qYVq06GRVMa0PBjktGpULOm885tOQGQtySOvO6TTBQ2TnXb+uX2Yohpo74U1QZa7
> s/h11ywXR8yLyJYEdOokzeF2YDxLtLSL5q9IhCVNg6sB6BlQ1fjfxTLLZqvQPs61
> Bz0v8PiLuWJgEPPK1JlkstdEl9kGvMC5HrJJvJliRklWl3q6bYOtZoJCjLNzrxe5
> ie9EgixPGoY6+xpcEXznleq+AoEAmxRGMviQ98LhxEkVcf3KwgiTq7EdAh0jWBqV
> FP8unBLyRzZLqRfbRXzqCYd8a9j20QkGR807FYQQP3dSwigH9m1R4g6tIur6OwoZ
> jS+qSGmuhvpMbCD3M0dy+5CJajvICH3QIHnPLFsj8hJfspMR4n6bK7miZ+0MTXqj
> T19IUondGfmW1LpsT6toFMc2klaCmKhV2+fKiyj46z3tEl9eszyfrL+kNJr3KDaY
> b+WMxN5lIaYdKnznqSkVsQUYBpdcTB96oFXUZiSGlQWE8vAXnbLdzuxRLQpeef1l
> WmpwGdlhH2Q/UYLjPDoxGHHPd6YqgXCBF6aHZRf5lsPefQ4nQG7tJ0hUSndvgfSv
> hIMpDwkFPSFPJI0O6x4d4jH2Po3Z7lBNRa6q61MpIxsDozt9bz16BY5mRym4HMvj
> rnsi3sqniSw=
> =/dlC
> -----END PGP SIGNATURE-----
> _______________________________________________
> Framework-Hackers mailing list
> Framework-Hackers@spool.metasploit.com
> http://spool.metasploit.com/mailman/listinfo/framework-hackers

_______________________________________________
Framework-Hackers mailing list
Framework-Hackers@spool.metasploit.com
http://spool.metasploit.com/mailman/listinfo/framework-hackers

Reply via email to