Objective: To execute a remote command execution (RCE) exploit against a backdoored FTP service to gain unauthorized administrative access to the target host.

1. Exploitation Strategy

The target was identified as running vsftpd 2.3.4, which is susceptible to CVE-2011-2523. This vulnerability allows an attacker to trigger a shell by sending a specific sequence (a smiley face, “:)”) in the FTP username. I utilized the Metasploit Framework (MSF) to automate the delivery and management of this exploit.

2. Technical Execution & Configuration

A critical part of this activity was the precise configuration of the Exploit Payload. I mapped the “Local Host” (Attacker) and “Remote Host” (Victim) to ensure the reverse connection bypassed potential networking errors.

| Module Variable | Value | Purpose |
|---|---|---|
| Exploit Module | unix/ftp/vsftpd_234_backdoor | The specific code targeting the vsftpd backdoor. |
| RHOSTS | 192.168.56.101 | The target infrastructure IP address. |
| LHOST | 192.168.56.1 | The attacker’s IP on the vboxnet0 interface. |
| Payload | cmd/unix/interact | The method of interacting with the spawned shell. |

3. Attack Lifecycle

  1. Module Selection: Initialized msfconsole and loaded the vsftpd_234_backdoor module.
  2. Environmental Validation: Ran show options to confirm all parameters (IPs and Ports) were correctly set to avoid “noisy” or failed attempts.
  3. Payload Delivery: Executed the exploit command. The framework automatically handled the “handshake” and identified the triggered shell on Port 6200.
  4. Session Establishment: Successfully opened Meterpreter Session 1, providing a high-level command-and-control (C2) interface.
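
Added example (not part of the original write-up): a defender-side detector for the two observables described above, a “:)” in the FTP USER argument followed by a connection to port 6200 on the same server. The event line format, the 30-second correlation window and the sample lines are constructed assumptions, not output from a real sensor.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events in an assumed, simplified sensor format:
# "<ISO time> <src_ip> -> <dst_ip>:<dst_port> <detail>"
SAMPLE_EVENTS = """\
2024-01-10T10:00:01 192.168.56.1 -> 192.168.56.101:21 FTP USER anonymous
2024-01-10T10:00:05 192.168.56.1 -> 192.168.56.101:21 FTP USER backup:)
2024-01-10T10:00:06 192.168.56.1 -> 192.168.56.101:21 FTP PASS <redacted>
2024-01-10T10:00:07 192.168.56.1 -> 192.168.56.101:6200 TCP SYN
2024-01-10T10:05:00 192.168.56.7 -> 192.168.56.102:6200 TCP SYN
2024-01-10T10:06:00 192.168.56.9 -> 192.168.56.101:21 FTP USER alice
"""

EVENT_RE = re.compile(r"^(\S+) (\S+) -> (\S+):(\d+) (.*)$")
USER_PREFIX = "FTP USER "
BACKDOOR_PORT = 6200            # shell port named in the write-up
WINDOW = timedelta(seconds=30)  # assumed correlation window

def parse(text):
    """Yield (time, src, dst, dst_port, detail) for each well-formed line."""
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            ts, src, dst, port, detail = m.groups()
            yield datetime.fromisoformat(ts), src, dst, int(port), detail

def detect(text):
    """Return alerts as (kind, server, client, time) tuples, in event order."""
    alerts = []
    triggers = {}  # server IP -> time of the most recent ":)" username
    for ts, src, dst, port, detail in parse(text):
        if port == 21 and detail.startswith(USER_PREFIX):
            if ":)" in detail[len(USER_PREFIX):]:
                triggers[dst] = ts
                alerts.append(("smiley-username", dst, src, ts))
        elif port == BACKDOOR_PORT:
            seen = triggers.get(dst)
            # Only alert when the 6200 connection follows a trigger on the same server.
            if seen is not None and timedelta(0) <= ts - seen <= WINDOW:
                alerts.append(("backdoor-shell-connect", dst, src, ts))
    return alerts

if __name__ == "__main__":
    for kind, server, client, ts in detect(SAMPLE_EVENTS):
        print(f"{ts.isoformat()} {kind}: client {client} -> server {server}")
```

A port 6200 connection with no preceding “:)” username on the same server is deliberately not alerted on, which keeps unrelated traffic to that port from generating noise.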

4. Key Commands Used

  • msfconsole: To launch the penetration testing framework.
  • use exploit/unix/ftp/vsftpd_234_backdoor: Loading the specific vulnerability module.
  • set RHOSTS 192.168.56.101: Aiming the exploit at the target.
  • exploit: Running the attack and establishing the connection.

[Screenshot: Configuration of the exploit module parameters prior to execution.]

[Screenshot: Successful exploitation of CVE-2011-2523, resulting in a remote shell session.]

5. Professional Impact

This activity demonstrates the ability to translate “Research” into “Action.” By successfully managing a Metasploit session, I proved proficiency in Remote Access Tooling. Furthermore, the transition from an unauthenticated FTP request to a full system shell highlights the catastrophic impact that unpatched, backdoored software can have on an organization’s security posture.