The following article provides the technical details, history, and relevant GitHub links for the most notorious vsftpd exploit, which is version 2.3.4. The Notorious vsftpd 2.3.4 Backdoor (CVE-2011-2523)
using the following terms (filter by "public" and "educational" licenses):
, a version often found in older systems or vulnerable-by-design machines like Metasploitable 2 vsftpd 208 exploit github link
If you're using vsftpd 2.0.8, it's highly recommended to update to a newer version of vsftpd, as the vulnerability has been patched in later versions.
The backdoor is activated when a user attempts to log in with a username that ends in a smiley face ( The Execution: If a user downloaded and compiled this specific
In mid-2011, the official source code for vsftpd version 2.3.4 was briefly replaced with a version containing a malicious backdoor. If a user downloaded and compiled this specific version, an attacker could trigger a shell by simply logging in with a username that ended with a smiley face—specifically :) .
In 2011, the source code of vsftpd version 2.3.4 was compromised on its primary distribution server. A backdoor was added that would open a shell for any user who attempted to log in with a username ending in a smiley face: . # Set the target IP and port target_ip = "192
# Set the target IP and port target_ip = "192.168.1.100" target_port = 21