Home page logo
/
Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News

Sponsors


File ftp-vsftpd-backdoor

Script types: portrule
Categories: exploit, intrusive, malware, vuln
Download: http://nmap.org/svn/scripts/ftp-vsftpd-backdoor.nse

User Summary

Tests for the presence of the vsFTPd 2.3.4 backdoor reported on 2011-07-04 (CVE-2011-2523). This script attempts to exploit the backdoor using the innocuous id command by default, but that can be changed with the exploit.cmd or ftp-vsftpd-backdoor.cmd script arguments.

References: * http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html * https://dev.metasploit.com/redmine/projects/framework/repository/revisions/13093 * http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2011-2523

Script Arguments

exploit.cmd

or ftp-vsftpd-backdoor.cmd Command to execute in shell (default is id).

unittest.run

See the documentation for the unittest library.

vulns.showall

See the documentation for the vulns library.

Example Usage

nmap --script ftp-vsftpd-backdoor -p 21 <host>

Script Output

PORT   STATE SERVICE
21/tcp open  ftp
| ftp-vsftpd-backdoor:
|   VULNERABLE:
|   vsFTPd version 2.3.4 backdoor
|     State: VULNERABLE (Exploitable)
|     IDs:  CVE:CVE-2011-2523  OSVDB:73573
|     Description:
|       vsFTPd version 2.3.4 backdoor, this was reported on 2011-07-04.
|     Disclosure date: 2011-07-03
|     Exploit results:
|       The backdoor was already triggered
|       Shell command: id
|       Results: uid=0(root) gid=0(root) groups=0(root)
|     References:
|       http://osvdb.org/73573
|       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2523
|       http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html
|_      https://dev.metasploit.com/redmine/projects/framework/repository/revisions/13093

Requires


Author: Daniel Miller

License: Same as Nmap--See http://nmap.org/book/man-legal.html

Nmap Site Navigation

Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]