CVE-2019-12181

This Metasploit module exploits a privilege escalation vulnerability in Serv-U FTP Server by leveraging improper validation of ARGV[0] in a setuid root binary, allowing arbitrary command execution as root.

This exploit leverages a command injection vulnerability in Serv-U 15.1.6 by passing malicious arguments to the Serv-U binary, resulting in arbitrary command execution and privilege escalation. The PoC uses execv to spawn a root shell via injected commands.

This exploit leverages a local privilege escalation vulnerability in Serv-U FTP Server prior to 15.1.7 by manipulating the binary's execution to copy a root-owned shell to /tmp/sh with SUID permissions. It then launches this shell to gain root privileges.

This repository contains a functional privilege escalation exploit for CVE-2019-12181 in Serv-U FTP 15.1.6. The exploit leverages command injection via the `-prepareinstallation` argument to execute arbitrary commands with elevated privileges.

This repository contains a functional local privilege escalation (LPE) exploit for CVE-2019-12181 in Serv-U FTP 15.1.6. The exploit leverages improper argument handling in the Serv-U binary to execute arbitrary commands with elevated privileges.

This Metasploit module exploits a privilege escalation vulnerability in Serv-U FTP Server by leveraging improper validation of the `ARGV[0]` parameter in the `-prepareinstallation` flag, allowing command execution with root privileges.