Tests for the presence of the ProFTPD 1.3.3c backdoor reported as BID
45150. This script attempts to exploit the backdoor using the innocuous
id command by default, but that can be changed with the
ftp-proftpd-backdoor.cmd script argument.
Command to execute in shell (default is
nmap --script ftp-proftpd-backdoor -p 21 <host>
PORT STATE SERVICE 21/tcp open ftp | ftp-proftpd-backdoor: | This installation has been backdoored. | Command: id | Results: uid=0(root) gid=0(wheel) groups=0(wheel) |_
License: Same as Nmap--See https://nmap.org/book/man-legal.html