Skip to content

Latest commit

 

History

History
40 lines (23 loc) · 2.18 KB

README.md

File metadata and controls

40 lines (23 loc) · 2.18 KB

README: Exploit for VSFTP 2.3.4

This Python script is designed to exploit a backdoor vulnerability present in VSFTP version 2.3.4. The exploit grants unauthorized access to the system running this particular version of VSFTP.

Usage To use this exploit script, follow these steps:

Clone Repository: Clone the repository containing the exploit script to your local machine.

Install Dependencies: Ensure that you have the required dependencies installed. This script utilizes the pwn library. You can install it using pip:

bash

pip install pwntools Run the Script: Execute the script with the IP address of the target machine as the argument. Optionally, you can also provide the port number if it's different from the default port 21.

bash

python exploit.py <IP_ADDRESS> [PORT]

Description This script exploits a backdoor vulnerability in VSFTP version 2.3.4. Here's how the exploit works:

Triggering Backdoor: The script connects to the VSFTP server and checks its version. If the version matches 2.3.4, it sends specially crafted USER and PASS commands to trigger the backdoor.

Obtaining Shell Access: After successfully triggering the backdoor, the script establishes a connection to the backdoor port (6200) and gains shell access to the target system.

Notes Target Compatibility: This exploit script specifically targets VSFTP version 2.3.4. Ensure that the target system is running this exact version for the exploit to work.

Security Implications: Using this script to exploit vulnerabilities in systems without proper authorization may be illegal and unethical. Ensure that you have appropriate permissions before using this script in any environment.

Customization: Feel free to customize the script according to your needs or extend its functionality. However, ensure that any modifications comply with applicable laws and ethical guidelines.

Disclaimer This script is provided for educational and research purposes only. The author takes no responsibility for any misuse or damage caused by the use of this script. Use it at your own risk and discretion.

Credits This project was developed as a part of learning. This exploit script was originally developed by [Hellsender01].