Since we are requiring # frozen_string_literal: true on new files now (see AGENTS.md). The recv_ftp_resp method in the Exploit::Remote::Ftp mixin is failing. This method tries to modify @ftpbuff string (e.g. @ftpbuff << resp, @ftpbuff << left).
Steps to reproduce
How'd you do it?
- Start a vsftp server with docker:
docker run -d --rm -v ${PWD}:/home/vsftpd -p 2020:20 -p 2121:21 -e FTP_USER=myuser -e FTP_PASS=mypass --name vsftpd fauria/vsftpd
- Add
# frozen_string_literal: true at the top of the modules/auxiliary/dos/ftp/vsftpd_232.rb file.
- Run msfconsole
- Load the module:
use auxiliary/dos/ftp/vsftpd_232
- run it:
run verbose=true rhosts=127.0.0.1 rport=2121 username=myuser password=mypass
Were you following a specific guide/tutorial or reading documentation?
No.
Expected behavior
The module runs fine.
Current behavior
It breaks:
msf auxiliary(dos/ftp/vsftpd_232) > run verbose=true rhosts=127.0.0.1 rport=2121 username=myuser password=mypass
[*] Running module against 127.0.0.1
[*] 127.0.0.1:2121 - Running automatic check ("set AutoCheck false" to disable)
[*] 127.0.0.1:2121 - Connecting to FTP server...
[*] 127.0.0.1:2121 - Connected to target FTP server
[*] 127.0.0.1:2121 - FTP banner: vsFTPd 3.0.2
[-] 127.0.0.1:2121 - Auxiliary failed: FrozenError can't modify frozen String: ""
[-] 127.0.0.1:2121 - Call stack:
[-] 127.0.0.1:2121 - /home/msf/src/metasploit-framework/modules/auxiliary/dos/ftp/vsftpd_232.rb:81:in `block in check'
[-] 127.0.0.1:2121 - <internal:kernel>:187:in `loop'
[-] 127.0.0.1:2121 - /home/msf/src/metasploit-framework/modules/auxiliary/dos/ftp/vsftpd_232.rb:74:in `check'
[-] 127.0.0.1:2121 - /home/msf/src/metasploit-framework/lib/msf/core/exploit/remote/auto_check.rb:43:in `with_prepended_auto_check'
[-] 127.0.0.1:2121 - /home/msf/src/metasploit-framework/lib/msf/core/exploit/remote/auto_check.rb:20:in `run'
Metasploit version
Framework: 6.4.141-dev-81648e60715
Console : 6.4.141-dev-81648e60715
Since we are requiring
# frozen_string_literal: trueon new files now (see AGENTS.md). Therecv_ftp_respmethod in theExploit::Remote::Ftpmixin is failing. This method tries to modify@ftpbuffstring (e.g.@ftpbuff << resp,@ftpbuff << left).Steps to reproduce
How'd you do it?
# frozen_string_literal: trueat the top of themodules/auxiliary/dos/ftp/vsftpd_232.rbfile.use auxiliary/dos/ftp/vsftpd_232run verbose=true rhosts=127.0.0.1 rport=2121 username=myuser password=mypassWere you following a specific guide/tutorial or reading documentation?
No.
Expected behavior
The module runs fine.
Current behavior
It breaks:
Metasploit version