Published: 18/05/2015 Updated: 26/05/2021

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

The mod_copy module in ProFTPD 1.3.5 allows remote malicious users to read and write to arbitrary files via the site cpfr and site cpto commands.

Vulnerable Product	Search on Vulmon	Subscribe to Product
proftpd proftpd 1.3.5

Debian Bug report logs - #782781 proftpd-dfsg: CVE-2015-3306: unauthenticated copying of files via SITE CPFR/CPTO allowed by mod_copy Package: src:proftpd-dfsg; Maintainer for src:proftpd-dfsg is ProFTPD Maintainance Team <pkg-proftpd-maintainers@alioth-listsdebiannet>; Reported by: Salvatore Bonaccorso <carnil@debianor ...

ProFTPd version 135 remote command execution exploit This is a variant of the original vulnerability discovered in 2015 with credit going to R-73eN ...

# Title: ProFTPd 135 Remote Command Execution # Date : 20/04/2015 # Author: R-73eN # Software: ProFTPd 135 with mod_copy # Tested : Kali Linux 106 # CVE : 2015-3306 # Greetz to Vadim Melihow for all the hard work import socket import sys import requests #Banner banner = "" banner += " ___ __ ____ _ _ \n" ...

Description TJ Saunders 2015-04-07 16:35:03 UTC Vadim Melihow reported a critical issue with proftpd installations that use the mod_copy module's SITE CPFR/SITE CPTO commands; mod_copy allows these commands to be used by *unauthenticated clients*: --------------------------------- Trying 80150216115 Connected to 80150216115 Escape charac ...

## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp include Msf::Exploit::Remote::HttpClient def initialize(info = {}) super(up ...

Laboratorios para las formaciones de Ethical Hacking

eHacking_LABS Laboratorios para las formaciones de Ethical Hacking está en la URL githubcom/antsala/eHacking_LABSgit Carpeta 00 Despliegue del laboratorio Laboratorio 00: Preparación del entorno de laboratorio en Windows Los ejercicios a realizar son: Instalación de VirtualBox para Windows Descarga de las OVAs de la VMs Importación y

Desarrollo del CTF JOY

JOY Desarrollo del CTF JOY 1 Configuración de la VM Descargar la VM: wwwvulnhubcom/entry/digitalworldlocal-joy,298/ 2 Escaneo de Puertos 21 Escaneo TCP nmap -n -P0 -p- -sC -sV -O -T5 -oA full 101010144 Nmap scan report for 101010144 Host is up (000062s latency) Not shown: 65523 closed ports PORT STATE SERVICE VERSION 21/tcp open ftp

Converted with tweaks from a metasploit module as an exercise for OSCP studying and exploit development

CVE-2015-3306-Python-PoC This was converted with tweaks from a metasploit module as an exercise for OSCP studying and exploit development It originally came from searching for random remote command execution modules with searchsploit I anaylzed the metasploit code and converted it to python Proof screenshot:

cve-2015-3306 docker image

cve-2015-3306 docker image hackarada/cve-2015-3306 Intended for personal use docker build -t [hackarada/cve-2015-3306] docker run --rm -it -p 21:21 -p 80:80 hackarada/cve-2015-3306

Modified-CVE-2015-3306-Exploit How to Create a php reverse shell Start server to host shell in the same directory (python3 -m httpserver) Start netcat listener on local port of choice example: (nc -nlvp [port of choice]) Run exploit example provided below (python3 modified_CVE_2015_3306py --host [remote host] --port [most likely port 21] --path [/var/www or /var/www/html] --

Exploits the arbitrary file write bug in proftpd (CVE-2015-3306) attempts code execution

propane Exploits the arbitrary file write bug in ProFTPD's mod_copy module (CVE-2015-3306) and attempts code execution

ProFTPd 1.3.5 - (mod_copy) Remote Command Execution exploit and vulnerable container

ProFTPd 135 - (mod_copy) Remote Command Execution ProFTPD is a highly configurable FTP daemon for Unix and Unix-like operating systems ProFTPD grew from a desire for a secure and configurable FTP server It was inspired by a significant admiration of the Apache web server Unlike most other Unix FTP servers, it has not been derived from the old BSD ftpd code base, but is a c

Tool for exploit CVE-2015-3306

cpx_proftpd PoC by Daniel Aldana for CVE-2015-3306 exploitation Bug reported by Vadim Melihow ###METHOD 1: usage: python cpx_proftppy <IP> <REMOTE_ABSOLUTEPATH_SRC_FILE> <REMOTE_ABSOLUTEPATH_DST_FILE> ex: python cpx_proftppy 127001 /etc/passwd /var/www/passtxt

An implementation of CVE-2015-3306

This tool uses a specially craffted chain of commands to exploit CVE-2015-3306 and bypass the authentication system of ProFTPD's mod_copy It can be downloaded here (you will need to run it from the command line) Usage: proftpd_bypass [target] [port] [(l)copy within target/(r)copy to target] [lpath] [rpath]

Laboratorios para las formaciones de Ethical Hacking

eHacking_LABS Laboratorios para las formaciones de Ethical Hacking está en la URL githubcom/ebantula/eHacking_LABSgit Carpeta 00 Despliegue del laboratorio Laboratorio 00: Preparación del entorno de laboratorio en Windows Los ejercicios a realizar son: Instalación de VirtualBox para Windows Descarga de las OVAs de la VMs Importación

Snippets for code wars competition

Stage One - pwning system Create script to exploit vulnerability in given server Steps to exploit Create socket connection with given server Send utf-8 encoded commands via socket: site cpfr /proc/self/cmdline\n site cpto /tmp/<?php echo passthru($_GET['cmd']); ?>\n site cpfr /tmp/<?php echo passthru($_GET['cmd']); ?>\n site cp

cve-2015-3306

CVE-2015-3306 This is part of Cved: a tool to manage vulnerable docker containers Cved: githubcom/git-rep-src/cved Image source: githubcom/cved-sources/cve-2015-3306 Image author: githubcom/t0kx/exploit-CVE-2015-3306

Script that exploits the vulnerability of the ProFTP 1.3.5 service with CVE-2015-3306

ProFTPd-135-mod_copy-Remote-Command-Execution Script that exploits the vulnerability of the ProFTP 135 service with CVE-2015-3306 Usage /ProFTPD_135_RemoteCommandExecutionpy --rhost host --rport_ftp 21 --target_uri / --tmppath /tmp --sitepath /var/www/html --payload payload

CWE-284 https://www.exploit-db.com/exploits/36803/http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157053.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157054.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157581.html https://www.exploit-db.com/exploits/36742/http://www.securityfocus.com/bid/74238 http://packetstormsecurity.com/files/132218/ProFTPD-1.3.5-Mod_Copy-Command-Execution.html http://packetstormsecurity.com/files/131505/ProFTPd-1.3.5-File-Copy.html http://packetstormsecurity.com/files/131555/ProFTPd-1.3.5-Remote-Command-Execution.html http://packetstormsecurity.com/files/131567/ProFTPd-CPFR-CPTO-Proof-Of-Concept.html http://www.rapid7.com/db/modules/exploit/unix/ftp/proftpd_modcopy_exec http://lists.opensuse.org/opensuse-updates/2015-06/msg00020.html http://www.debian.org/security/2015/dsa-3263 http://packetstormsecurity.com/files/162777/ProFTPd-1.3.5-Remote-Command-Execution.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782781 https://nvd.nist.gov https://www.exploit-db.com/exploits/36803/https://github.com/antsala/eHacking_LABS

Get Started

CVE-2015-3306

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect