Skip to content

Latest commit

 

History

History
32 lines (24 loc) · 1.17 KB

README.md

File metadata and controls

32 lines (24 loc) · 1.17 KB

CVE-2011-2523 - vsftpd 2.3.4 Exploit

Description

Very Secure FTP Daemon (vsftpd) is an FTP server for Unix-like platforms, including Linux. It is distributed under the terms of the GNU General Public Licence. It supports IPv6 as well as SSL.

It was revealed in July 2011 that vsftpd version 2.3.4, which could be downloaded from the master site, had been compromised. Users login onto a hacked vsftpd-2.3.4 server can acquire a command shell on port 6200 by entering a:) smileyface as the username. This was not a security flaw in vsftpd; rather, someone had uploaded a separate version of vsftpd that had a backdoor. The site has since been migrated to Google App Engine.

Requirements

sudo apt update
sudo apt install python3
sudo apt install python3-pip
pip install argparse

Installation

git clone https://github.com/Lynk4/CVE-2011-2523.git
cd ./CVE-2011-2523
chmod +x exploit.py

Usage

python3 exploit.py -host Target_IP

ck

Test

You can test the exploit on Metasploitable2