Some programs come with backdoors embedded in them; I am going to show you how to go about exploiting these.
Firstly, we will use a tool called Nmap, which will allow us to discover which ports and services are running on the machine. For this example I will be using Metasploitable 2.
To Install Nmap on Linux
```
sudo apt-get install nmap
```
To Install Nmap on Windows
Let's start!
Step 1.
We will start by running Nmap against our machine; in this case its IP is 10.0.2.6.
![Nmap Scan](https://static.wixstatic.com/media/642e54_89117e3dfd9949b09127c370d54361a3~mv2.jpg/v1/fill/w_824,h_602,al_c,q_85,enc_auto/642e54_89117e3dfd9949b09127c370d54361a3~mv2.jpg)
After our Nmap scan has completed, we can see our machine is running quite a few services.
Step 2.
We can easily access this machine via FTP, since it allows anonymous login, but we are going to take a different approach: backdoor command execution.
To start, let us do a quick Google search on the version to see if there are any exploits already available to us.
![](https://static.wixstatic.com/media/642e54_89a470cea7574046a7227c98e8bc4d9b~mv2.png/v1/fill/w_899,h_354,al_c,q_85,enc_auto/642e54_89a470cea7574046a7227c98e8bc4d9b~mv2.png)
We can see that Rapid7 has already found this and provided some documentation showing how to execute it via Metasploit, so let's start!
![](https://static.wixstatic.com/media/642e54_3ca5d28b841245a5a940e17a62432350~mv2.jpg/v1/fill/w_809,h_507,al_c,q_85,enc_auto/642e54_3ca5d28b841245a5a940e17a62432350~mv2.jpg)
After we run this command, we follow up by running the `show options` command, which will provide us with all the options available.
![](https://static.wixstatic.com/media/642e54_5edb16cbb2404af4bf516fe11a362617~mv2.jpg/v1/fill/w_820,h_379,al_c,q_80,enc_auto/642e54_5edb16cbb2404af4bf516fe11a362617~mv2.jpg)
We must first set our TARGET, which we can set to 0.
We can see that this module only takes two arguments, RHOSTS and RPORT; RPORT is already set to the default port, 21.
![](https://static.wixstatic.com/media/642e54_6052b18145d944ae91f073d0d641e828~mv2.jpg/v1/fill/w_822,h_448,al_c,q_85,enc_auto/642e54_6052b18145d944ae91f073d0d641e828~mv2.jpg)
Once we have all our options filled in, we can run the module with the `exploit` command.
![](https://static.wixstatic.com/media/642e54_08a49dff9e414ed48ff78f5a33095b11~mv2.jpg/v1/fill/w_813,h_565,al_c,q_85,enc_auto/642e54_08a49dff9e414ed48ff78f5a33095b11~mv2.jpg)
We have now successfully gained access to the machine via backdoor command execution!
Commands used
```
msf > use exploit/unix/ftp/vsftpd_234_backdoor
msf exploit(vsftpd_234_backdoor) > show targets
msf exploit(vsftpd_234_backdoor) > set TARGET
msf exploit(vsftpd_234_backdoor) > show options
msf exploit(vsftpd_234_backdoor) > set RHOSTS
msf exploit(vsftpd_234_backdoor) > exploit
```