Script ftp-proftpd-backdoor

Script types: portrule
Categories: exploit, intrusive, malware, vuln
Download: https://svn.nmap.org/nmap/scripts/ftp-proftpd-backdoor.nse

Script Summary

Tests for the presence of the ProFTPD 1.3.3c backdoor reported as BID 45150. This script attempts to exploit the backdoor using the innocuous id command by default, but that can be changed with the ftp-proftpd-backdoor.cmd script argument.

Script Arguments

ftp-proftpd-backdoor.cmd

Command to execute in shell (default is id).

Example Usage

nmap --script ftp-proftpd-backdoor -p 21 <host>

Script Output

PORT   STATE SERVICE
21/tcp open  ftp
| ftp-proftpd-backdoor:
|   This installation has been backdoored.
|   Command: id
|   Results: uid=0(root) gid=0(wheel) groups=0(wheel)
|_

Requires

• ftp
• nmap
• shortport
• stdnse

---

Author:

• Mak Kolybabi

License: Same as Nmap--See https://nmap.org/book/man-legal.html