Here we are going to look about installing a vulnerable vstfpd service on latest Ubuntu machine and try to exploit and get the reverse shell from Kali Linux machine.
Install vulnerable ftp service from the following GitHub repository.
git clone https://github.com/nikdubois/vsftpd-2.3.4-infected.git
Now we need to install packages for setting up a build environment, for that we need to install build-essential, this will install everything required for compiling basic software written in C and C++.
sudo apt-get install build-essential
Next we need a build a file, for that go to the downloaded folder first and before building it we need to do small change in the “Makefile” i.e we need to add “-lcrypt” on the Link flag.
After committing changes on the Makefile just give the command “make”. It will build and provide us the binary.
Once the command runs successful you can see a binary file named vsftpd.
Now we need to setup some prerequisites before running the executable. we need to create an user “nobody” and a directory named “empty”. The user nobody will be available by default on Ubuntu, if not we need to create.
sudo useradd nobody
sudo mkdir /usr/share/empty
Next we need to copy executable and configuration files to the respective folder to run.
sudo cp vsftpd /usr/local/sbin/vsftpd
sudo cp vsftpd.8 /usr/local/man/man8
sudo cp vsftpd.conf.5 /usr/local/man/man5
sudo cp vsftpd.conf /etc
Now we need to do set-up for anonymous access to the ftp server. For that we are creating a directory and adding it to the user.
sudo mkdir /var/ftp/
useradd -d /var/ftp ftp
Changing the ownership and permission of the directory.
sudo chown root:root /var/ftp
sudo chmod og-w /var/ftp
Now start the vsftpd service by the following command.
sudo /usr/local/sbin/vsftpd
Now go to the Kali Linux machine and start analyzing the open ports of the Ubuntu machine with Nmap. In my case the IP of Ubuntu is 10.0.0.8
We can see the open port for ftp, to see the detailed information about the FTP port use the below command.
nmap -sCV -A -T4 -p 21 10.0.0.8
Once you see the detailed information about the FTP service, go to metasploit and search for vsftpd exploit.
Use the exploit mentioned above set the Remote host and the Remote port, then run the exploit.
Yaaahooo, we got the reverse shell of the Ubuntu Machine.
