ftp exploits

ProFTPd 1.3.5

• exploit-db/36742

vsftpd 2.3.4

• 0xdf/ctfscripts/vsftpd2.3.4-backdoor

  • launches a interactive php shell

    • run phpinfo() & search for disable_fucntions to checks blacklisted commands.

PHP shell commands:

• getcwd();

• get_current_user();

• scandir("/")

• ls #

  • List local, instance or class variables, methods and constants.

• show $variable

• echo file_get_contents("FILE_TO_READ")

• readfile("FILE_TO_READ")

• fwrite(fopen("FILE_TO_WRITE_TO","w+"),"DATA");