Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cant strip a nil in iis75 dos #12644

Merged
merged 1 commit into from
Nov 29, 2019
Merged

cant strip a nil in iis75 dos #12644

merged 1 commit into from
Nov 29, 2019

Conversation

h00die
Copy link
Contributor

@h00die h00die commented Nov 29, 2019

Fixes #11670 based on @bcoles suggestion.
Tested and works, the user threw the FTP exploit against HTTPS (assumed on default port), and it could be argued if no FTP banner is resolved, to not throw the exploit, but this will at least keep the module from crashing.

msf5 > service apache2 start
[*] exec: service apache2 start

msf5 > use auxiliary/dos/windows/ftp/iis75_ftpd_iac_bof 
msf5 auxiliary(dos/windows/ftp/iis75_ftpd_iac_bof) > set rhosts 127.0.0.1
rhosts => 127.0.0.1
msf5 auxiliary(dos/windows/ftp/iis75_ftpd_iac_bof) > set rport 80
rport => 80
msf5 auxiliary(dos/windows/ftp/iis75_ftpd_iac_bof) > run
[*] Running module against 127.0.0.1

[-] 127.0.0.1:80 - Auxiliary failed: NoMethodError undefined method `strip' for nil:NilClass
[-] 127.0.0.1:80 - Call stack:
[-] 127.0.0.1:80 -   /metasploit-framework/modules/auxiliary/dos/windows/ftp/iis75_ftpd_iac_bof.rb:49:in `run'
[*] Auxiliary module execution completed
msf5 auxiliary(dos/windows/ftp/iis75_ftpd_iac_bof) > rexploit
[*] Reloading module...
[*] Running module against 127.0.0.1

[*] 127.0.0.1:80 - banner: 
[*] Auxiliary module execution completed

@h00die h00die added the bug label Nov 29, 2019
@h00die h00die changed the title dos iis75 nocrash cant strip a nil in iis75 dos Nov 29, 2019
@bcoles bcoles self-requested a review November 29, 2019 12:45
@bcoles bcoles self-assigned this Nov 29, 2019
bcoles added a commit that referenced this pull request Nov 29, 2019
@bcoles
Land #12644, Fix iis75_ftpd_iac_bof crash when returned banner is nil
5fde74d
@bcoles bcoles merged commit f17fe39 into rapid7:master Nov 29, 2019
msjenkins-r7 pushed a commit that referenced this pull request Nov 29, 2019
@bcoles @msjenkins-r7
Land #12644, Fix iis75_ftpd_iac_bof crash when returned banner is nil
eebfd2c
@bcoles bcoles added the rn-fix release notes fix label Nov 29, 2019
@bcoles
Copy link
Contributor

bcoles commented Nov 29, 2019
edited by tdoan-r7
Loading

Release Notes

This fix addresses an issue that caused auxiliary/dos/windows/ftp/iis75_ftpd_iac_bof to crash when the returned banner is nil.

@h00die h00die deleted the fix_11670 branch April 24, 2020 20:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bcoles bcoles bcoles approved these changes

Assignees

@bcoles bcoles

Labels
bug rn-fix release notes fix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Auxiliary failed: NoMethodError undefined method `strip' for nil:NilClass
2 participants
@h00die @bcoles