Exploit vsftpd version 2.3.4

Aside from having a very nice version number (2-3-4), vsftpd 2.3.4 contains a LOLz backdoor that can be exploited easily without using any sophisticated tools (that’s the point of a backdoor after all).

What you need:

  • A computer with an internet connection
  • An ftp client (most Linux and Windows systems ship with one by default)
  • Netcat (or something similar, netcat is available for both Linux and Windows)
  • Feeling comfortable with terminal and command line

I’ll use a linux machine, but this should work on windows with cmd or powershell as well.

Step 1: Connect to the computer running vsftpd 2.3.4 with your ftp client

Open your terminal, type the command “ftp <ip address of the target>”

Example: ftp

Step 2: Exploit it

The target will ask you for a user name. Don’t worry, just type in some random text ending with a smiley face. The smiley face is important: you must include it in your fake username or it won’t work.

Like this : asdasdasda:)

Then it will ask you for a password, just type in some random text.

Like this: dasdasdasd

The terminal will hang because the target has spawned a listener on its port 6200. So, don’t worry. Just leave it like that and don’t close the terminal. All you need to do now is to connect to port 6200 and get your root.

Step 3: Connect to port 6200

In this article I’ll connect to port 6200 using netcat for simplicity’s sake, but please feel free to use what you like and feel comfortable with.

Open another terminal (again, don’t close the terminal above), and type in this command: nc <target’s ip> 6200

Example: nc 6200

You will see that it will return … nothing. Yes, nothing, the terminal is completely empty. But when you type the command “whoami“, it will return “root“.

Congrats, you have successfully exploited vsftpd 2.3.4 and got root access (root is the all-powerful user of a Linux machine).

Windows also has a “whoami” command, so you should be fine even if you’re on Windows.

At first, I thought that I should write this into a python script or something to automate the process. But since it is so simple, I really can’t bring myself to do that. Also, there is a module in Metasploit framework that can do everything for you.

**Tested on Linux and Windows (with Powershell and Netcat)
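
Seen from the defender's side, the steps above leave two observable traces: a USER name containing “:)” in the FTP protocol log, and a listener on TCP port 6200. The script below is an added example, not code from the original post; the log line shape (vsftpd with log_ftp_protocol=YES), the sample data and the function names are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added detection example (not from the original post).
# Assumption: FTP protocol logging is enabled and lines look like the
# constructed sample below (the shape vsftpd writes with log_ftp_protocol=YES).

# Print "client<TAB>username" for every USER command whose name contains ":)"
# (this includes names that end with it, as in the post).
find_smiley_logins() {
    awk -F'"' '/FTP command:/ && $4 ~ /^USER / {
        user = substr($4, 6)                  # strip the leading "USER "
        if (index(user, ":)") > 0) print $2 "\t" user
    }'
}

# Print the local address:port of any TCP listener on port 6200,
# reading `ss -ltn` output on stdin.
find_6200_listeners() {
    awk '$1 == "LISTEN" && $4 ~ /:6200$/ { print $4 }'
}

# Constructed sample data (documentation address ranges), not real logs.
SAMPLE_FTP_LOG='Mon Jan  6 10:15:01 2025 [pid 2] FTP command: Client "192.0.2.10", "USER anonymous"
Mon Jan  6 10:15:09 2025 [pid 3] FTP command: Client "198.51.100.7", "USER asdasdasda:)"
Mon Jan  6 10:15:12 2025 [pid 3] FTP command: Client "198.51.100.7", "PASS <password>"'

SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      32     0.0.0.0:21         0.0.0.0:*
LISTEN 0      100    0.0.0.0:6200       0.0.0.0:*'

# Report both indicators; exit status 0 means at least one was found.
# $1 = FTP log text, $2 = `ss -ltn` output
report() {
    hits=$(printf '%s\n' "$1" | find_smiley_logins)
    ports=$(printf '%s\n' "$2" | find_6200_listeners)
    [ -n "$hits" ] && printf 'suspicious USER: %s\n' "$hits"
    [ -n "$ports" ] && printf 'listener on port 6200: %s\n' "$ports"
    [ -n "$hits" ] || [ -n "$ports" ]
}

report "$SAMPLE_FTP_LOG" "$SAMPLE_SS"
```

On a live host, feed the functions the real FTP log and the output of `ss -ltn` instead of the samples.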



Simple ping sweeper with Bash

This is a piece of simple code demonstrating how to do a ping sweeper using only Bash and ping, which are available in most Linux distros. It will ping and write the IP addresses of online hosts to a text file named “ping_result”.

Beware, it will delete the old file “ping_result” before doing the ping. So, it is best that you run it in an empty directory to avoid the risk of losing your file.

This simple piece of code will ping from to You should change it if you want to ping other addresses.



#!/bin/bash
echo "Save to ping_result file in the current directory"

#Check if ping_result file exists
#If it does, delete it to make way for the new file
if test -e ping_result
then
    rm ping_result
    echo "File exist. Delete old file. Create new file"
fi

for x in {188..189} #range from 188 to 189
do
    for y in {125..130} #range from 125 to 130
    do
        #ping 192.168.$x.$y once and write the replying IP to ping_result file
        #(the space before >> matters: "1>>" would be read as a file descriptor)
        ping -c 1 192.168.$x.$y | grep "from" | cut -d " " -f 4 | cut -d ":" -f 1 >> ping_result
    done
done


Automatically convert XML to HTML with xsltproc and bash in Linux

After doing nmap, I often convert the XML output to HTML to view in browser.

xsltproc input.xml -o output.html

However, if I want to convert multiple xml files to html, I’ll have to type the command multiple times. That’s ridiculously tiresome. So I decided to write a simple bash file to automatically convert all the xml files in a folder into html files with the same names.


For example, you have the following files in /some_folder/

user@linux:~/some_folder$ ls

File1.xml  File2.xml  File3.xml

After running the script, you will have the following files


File1.xml to File1.html

File2.xml to File2.html

File3.xml to File3.html

Don’t worry, the old files are still there.

Here is my code. It is very basic and does not have the “-help” option, but it will do the work. You can convert directories other than the current directory by passing the directory as an argument when calling the script, like this:

user@linux: ~/  /some_dir/some_dir/some_dir

The code

#!/bin/bash
#convert all xml to html with the same name
# $1 = directory

if [ $# -eq 0 ]
then
    p_directory="./" #use ./ if no directory is given
elif [ $# -eq 1 ]
then
    p_directory="$1"
    #ADD "/" to the end of the directory
    if [ "${p_directory: -1}" != "/" ]
    then
        p_directory="$p_directory/"
    fi
elif [ $# -gt 1 ]
then
    echo \*ERROR\*
    echo Input only the directory
    exit 1
fi

#-maxdepth 1: only files directly in the directory, because the loop
#below rebuilds each path as directory + base name
file_list=$(find "$p_directory" -maxdepth 1 -type f -name "*.xml")

echo "Directory: $p_directory"

for file in $(echo $file_list);
do
    p_full_name=$(basename "$file")
    p_file_name="${p_full_name%.xml}" #file name without the .xml extension

    xsltproc "$p_directory$p_full_name" -o "$p_directory$p_file_name.html"
    echo "Convert $p_full_name to $p_file_name.html"
done

#remove var
unset file_list
unset p_directory

I’m pretty sure that there are simpler ways to do this, but in the meantime, this is what I can come up with. Hope it is of some help to you. And if you have any suggestions, I’m all ears.

You can download the script file here