Nmap Development mailing list archives
Re: [NSE] Script to detect vsftpd backdoor
From: Henri Doreau <henri.doreau () greenbone net>
Date: Tue, 5 Jul 2011 09:17:44 +0200
2011/7/5 Daniel Miller <bonsaiviking () gmail com>:
Hey list, This was just announced yesterday. References: http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html http://pastebin.com/AetT9sS5 https://dev.metasploit.com/redmine/projects/framework/repository/revisions/13093 Hope this helps someone! The download was available from ~Feb 15 to ~Jul 3 Dan
Hi Daniel, this is great! You were faster than the "SoC NSE vulnerability research team" for this one ;-) I have committed your script as of r24635 with the following changes: - added references in the script description (the diff of the backdoor is available via the blog post, I haven't included this one) - removed a couple unused variables The backdoor, when triggered, will bind a shell on port 6200/tcp. I wonder whether it would make sense to check if the backdoor is already listening before attempting to exploit the server? This is how the metasploit module works. Regards. -- Henri Doreau | Greenbone Networks GmbH | http://www.greenbone.net Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] Script to detect vsftpd backdoor Daniel Miller (Jul 04)
- Re: [NSE] Script to detect vsftpd backdoor m k (Jul 04)
- Re: [NSE] Script to detect vsftpd backdoor Henri Doreau (Jul 05)
- Re: [NSE] Script to detect vsftpd backdoor Daniel Miller (Jul 05)
- Re: [NSE] Script to detect vsftpd backdoor Djalal Harouni (Jul 05)
- Re: [NSE] Script to detect vsftpd backdoor Henri Doreau (Jul 05)
- Re: [NSE] Script to detect vsftpd backdoor Djalal Harouni (Jul 05)