id: vsftpd-detection

info:
  name: VSFTPD v2.3.4 Backdoor Command Execution
  author: pussycat0x
  severity: critical
  reference:
    - https://www.rapid7.com/db/modules/exploit/unix/ftp/vsftpd_234_backdoor/
  tags: network,vsftpd,ftp,backdoor

network:
  - inputs:
      - data: "USER anonymous\r\nPASS pussycat0x\r\n"

    host:
      - "{{Host}}:21"
      - "{{Hostname}}"

    matchers:
      - type: word
        words:
          - "vsFTPd 2.3.4"