# ftp exploits

## ProFTPd 1.3.5

* [exploit-db/36742](https://www.exploit-db.com/exploits/36742)

## vsftpd 2.3.4

* [0xdf/ctfscripts/vsftpd2.3.4-backdoor](https://gitlab.com/0xdf/ctfscripts/-/tree/master/vsftpd2.3.4-backdoor)
  * launches a interactive php shell
    * run `phpinfo()` & search for `disable_fucntions` to checks blacklisted commands.

### PHP shell commands:

* getcwd();
* get\_current\_user();
* scandir("/")
* ls #
  * List local, instance or class variables, methods and constants.
* show $variable
* echo file\_get\_contents("FILE\_TO\_READ")
* readfile("FILE\_TO\_READ")
* fwrite(fopen("FILE\_TO\_WRITE\_TO","w+"),"DATA");