S4E

Proftpd Backdoor Checker

If you are using PROFTPD for FTP server, it is better to check your system for a backdoor vulnerability that emerged in the past years.

Short Info


Level

Critical

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

5 seconds

Time Interval

2 months 4 weeks

Scan only one

Domain, IPv4

Toolbox

-
Proftpd Backdoor Checker

What is FTP ?

FTP (File Transfer Protocol) is a TCP-based protocol that enables file transfer between the server and the client. There is various software that offers FTP service. PROFTPD is one of this software and it has an interesting story.


What is ProFTP Backdoor Vulnerability ?

In 2010, cyber attackers managed to place a backdoor code snippet to ProFTPD 1.3.3c version source code. Attackers logged in to all systems using this 1.3.3.c version with this backdoor and did unauthorised operations.

This vulnerability not only enabled attackers to access the files but also toaccess to user rights with the highest authorisation.

If you installed ProFTPD 1.3.3c version with changed source code in 2010, you might be impacted by this vulnerability. You don’t need to worry. You can easily check for free whether your server is impacted by this vulnerability from s4e.io.


How To Check ProFTP Backdoor Vulnerability ?

You can check ProFTP Backdoor vulnerability with our free and online ProFTP Backdoor Vulnerability Checker tool. To do this, you can start by typing your domain name in the form on top of the page and start scanning.

Or you can run nmap --script ftpproftpd-backdoor -p 21 Target_Host command on nmap tool which can be installed to all operating systems.

Additionally, you can use proftpd_133c_backdoor exploit module of “Metasploit Framework” software on Linux or OS X operating system to check the vulnerability.

Lastly, you can check manually. If your FTP server is impacted from this vulnerability, you will have a result similar to the following:

	$ telnet 172.19.0.100 21
	Trying 172.19.0.100...
	Connected to 172.19.0.100.
	Escape character is '^]'.
	220 ProFTPD 1.3.3c Server (ProFTPD Default Installation) [172.19.0.100]
	HELP ACIDBITCHEZ
	id;
	uid=0(root) gid=0(root) groupes=65534(nogroup)
	^]
Get started to protecting your Free Full Security Scan