Now that you understand the vulnerability, you can both defend against it and – in controlled environments – use it to learn how supply‑chain attacks work. Stay curious, but always stay ethical.
Rapid7 provides a deliberately vulnerable Linux virtual machine called Metasploitable 2, which includes the backdoored version of VSFTPD pre-installed. vsftpd 208 exploit github link
To prevent exploitation of this vulnerability, it is essential to: Now that you understand the vulnerability, you can
The backdoor is a (the server opens a port and waits for the attacker to connect) rather than a reverse shell. Because vsftpd runs as root, the resulting shell also runs as root. To prevent exploitation of this vulnerability, it is
Block unneeded high-numbered ports (like 6200) at the network perimeter to prevent backdoor shells from communicating outside the network.
The backdoor is triggered by sending a specific sequence of characters during the login process.