Python exploit for vsftpd 2.3.4 - Backdoor Command Execution# CVE-2011-2523 - vsftpd 2.3.4 Exploit
### Description
Very Secure FTP Daemon (vsftpd) is an FTP server for Unix-like platforms, including Linux. It is distributed under the terms of the GNU General Public Licence. It supports IPv6 as well as SSL.
It was revealed in July 2011 that vsftpd version 2.3.4, which could be downloaded from the master site, had been compromised. Users login onto a hacked vsftpd-2.3.4 server can acquire a command shell on port 6200 by entering a:) smileyface as the username. This was not a security flaw in vsftpd; rather, someone had uploaded a separate version of vsftpd that had a backdoor. The site has since been migrated to Google App Engine.
### Requirements
```
sudo apt update
sudo apt install python3
sudo apt install python3-pip
pip install argparse
```
### Installation
```
git clone https://github.com/Lynk4/CVE-2011-2523.git
cd ./CVE-2011-2523
chmod +x exploit.py
```
### Usage
```
python3 exploit.py -host Target_IP
```
### Test
You can test the exploit on [Metasploitable2](https://sourceforge.net/projects/metasploitable/files/Metasploitable2/)
[4.0K] /data/pocs/aea5cad6446218997a8f15c62a6ec10ec6d78b3a
├── [1.2K] exploit.py
├── [1.0K] LICENSE
└── [1.2K] README.md
0 directories, 3 files