Skip to content

Python exploit for vsftpd 2.3.4 - Backdoor Command Execution

License

Notifications You must be signed in to change notification settings

Lynk4/CVE-2011-2523

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 
 
 

Repository files navigation

CVE-2011-2523 - vsftpd 2.3.4 Exploit

Description

Very Secure FTP Daemon (vsftpd) is an FTP server for Unix-like platforms, including Linux. It is distributed under the terms of the GNU General Public Licence. It supports IPv6 as well as SSL.

It was revealed in July 2011 that vsftpd version 2.3.4, which could be downloaded from the master site, had been compromised. Users login onto a hacked vsftpd-2.3.4 server can acquire a command shell on port 6200 by entering a:) smileyface as the username. This was not a security flaw in vsftpd; rather, someone had uploaded a separate version of vsftpd that had a backdoor. The site has since been migrated to Google App Engine.

Requirements

sudo apt update
sudo apt install python3
sudo apt install python3-pip
pip install argparse

Installation

git clone https://github.com/Lynk4/CVE-2011-2523.git
cd ./CVE-2011-2523
chmod +x exploit.py

Usage

python3 exploit.py -host Target_IP

ck

Test

You can test the exploit on Metasploitable2

Releases

No releases published

Packages

No packages published

Languages