Skip to content

mspotless/vstfpd-2.3.4-exploit-lab

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 

Repository files navigation

As part of my ongoing home lab practice and gaining exposure in ethical hacking and penetration testing, I recently explored a known vulnerability in VSFTPD v2.3.4 on Metasploitable 2, a deliberately vulnerable Linux virtual machine used for practicing offensive security techniques. This vulnerability is a backdoor that was intentionally planted by a malicious actor in the source code of VSFTPD 2.3.4. When triggered, it opens a root shell on port 6200, granting system-level access. I used Kali Linux running on VirtualBox And the Target machine was Metasploitable 2 (also on Vmare) I connected both vms using Host-only networking for isolation and controlled testing. I then Scan Target for Open Ports I began by scanning the Metasploitable 2 target using Nmap: nmap -sS -sV 192.168.56.101 This revealed port 21 (FTP) was open and running VSFTPD 2.3.4: 21/tcp open ftp vsftpd 2.3.4 I then Launch the Exploit via Metasploit and then launched Metasploit Framework msfconsole Loaded the relevant exploit module: use exploit/unix/ftp/vsftpd_234_backdoor Set the target IP addres and also setting the RHOST 192.168.56….. Then, I executed the exploit: Backdoor service has been spawned Command shell session 1 opened A command shell was opened—as root! I now Confirm Root Access whoami And the Output was root Which confirmed root-level access to the target system. I solely conducted in a controlled lab environment for educational purposes only. Unauthorized access to systems you do not own or have explicit permission to test is illegal and unethical. This help me Understanding how attackers exploit real-world vulnerabilities like VSFTPD 2.3.4, mitigation techniques such as: Patching outdated software Disabling unnecessary services Enabling proper firewall configurations Vulnerabilities in software versions can be fatal when left unpatched. Always scan, identify, and validate software versions and their potential exposures. Tools like Nmap and Metasploit are powerful for demonstrating proof-of-concept attacks in ethical hacking lab

About

educational lab work through for exploiting VSTFPD

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors