Video Demonstration : Vsftpd backdoor discovered by Mathias Kresin
2.3.4 of vsftpd's downloadable source code was compromised and a backdoor added to the code. Evans, the author of vsftpd . This module exploits a malicious backdoor that was added to the VSFTPD download archive. This backdoor was present in the vsftpd-2.3.4.tar.gz archive sometime before July 3rd 2011.

The bad tarball included a backdoor in the code which would respond to a user logging in with a user name ":)" by listening on port 6200 for a connection and launching a shell when someone connects. Read more here

Affected versions :
vsftpd-2.3.4 from 2011-06-30

Metasploit demo :
use exploit/unix/ftp/vsftpd_234_backdoor
set RHOST localhost
set PAYLOAD cmd/unix/interact
uname -a

Video Demonstration :

Found this article interesting? Follow THN on Facebook, Twitter and LinkedIn to read more exclusive content we post.