Porting a Python-based exploit
We just saw that we can import a Perl-based exploit into the Metasploit framework. Let's now get our hands on a Python-based exploit.
Dismantling the existing exploit
In this section, we are going to port an exploit for Xitami Web Server 2.5b4. A publicly available Python-driven exploit for this application, authored by Glafkos Charalambous, is available at http://www.exploit-db.com. We can download the exploit and its corresponding vulnerable application from http://www.exploit-db.com/exploits/17361/. When we run this exploit, it reports successful completion and asks us to establish a connection to port 1337 to gain a command prompt at the target. Let's see the process:
Now, let's make a telnet connection to port 1337 and check if we are able to gain the command prompt at the target:
As we can see in the following screenshot, after sending the telnet command to the victim, we can easily gain the command prompt at the target...