Hello everyone.
After scanning my site, I noticed that the FTP Port (21) is open and so I decided to use the exploit "vsftpd234backdoor" and PAYLOAD "cmd/unix/Interact" to enter the Server Shell the site in question using as RHOST the IP address of the site concerned hosted by myself free on my local server.
But the problem is that when I use this feat (vsftpd234backdoor), I get the error below:
*****************************************
msf exploit(vsftpd234backdoor) > exploit
* Banner: 220---------- Welcome to Pure-FTPd privsep TLS ----------
220-You are user number 1 of 50 allowed.
220-Local time is now 14:40. Server port: 21.
220-This is a private system - No anonymous login
220 You will be disconnected after 15 minutes of inactivity.
* USER: 331 User p:) OK. Password required
* Exploit completed, but no session was created.
msf exploit(vsftpd234backdoor) > exploit
*****************************************
1 - So what is this error and how to bypass this error above ???
2 - Or do you think that this is not the most ideal PAYLOAD (cmd / unix / interact) to achieve this feat and penetrate the shell of the system that I use ???
Thank you for helping me to know what is the basic error there.
3 Responses
Let's start at the beginning. Is this FTP server vulnerable to this attack?
I do not know but I just noticed that the FTP Port is open so I guess it is vulnerable ???
Or do you think that there is another way to check the vulnerability if it is not by Port opened ???
The port being open only means that the service is running, not that it is vulnerable.
Share Your Thoughts