Tests for the presence of the ProFTPD 1.3.3c backdoor reported as OSVDB-ID 69562. This script attempts to exploit the backdoor using the innocuous
id command by default, but that can be changed with the
ftp-proftpd-backdoor.cmd script argument.
Command to execute in shell (default is
nmap --script ftp-proftpd-backdoor -p 21 <host>
PORT STATE SERVICE 21/tcp open ftp | ftp-proftpd-backdoor: | This installation has been backdoored. | Command: id | Results: uid=0(root) gid=0(wheel) groups=0(wheel) |_
Author: Mak Kolybabi
License: Same as Nmap--See http://nmap.org/book/man-legal.html