ProFTPD 1.3.5 Vulnerability Exploitation (CVE-2015-3306)

with Metasploit Framework and Kali Linux

Alex Perrakis
Apr 9, 2024

Introduction

In this article, we will delve into a serious issue affecting ProFTPD version 1.3.5, officially known as CVE-2015-3306. We will work through the technical details of this vulnerability, uncovering its root causes and its potential impacts. We will also discuss, step by step, how a malicious person can exploit this vulnerability using the Metasploit Framework in Kali Linux and gain access to the server.

What is ProFTPD?

ProFTPD (short for Pro FTP daemon) is an FTP server. ProFTPD is Free and open-source software, compatible with Unix-like systems and Microsoft Windows (via Cygwin). Along with vsftpd and Pure-FTPd, ProFTPD is among the most popular FTP servers in Unix-like environments today. Compared to those, which focus e.g. on simplicity, speed or security, ProFTPD’s primary design goal is to be a highly feature rich FTP server, exposing a large amount of configuration options to the user. — ProFTPD, Wikipedia

FTP allows users to transfer files between computers over a network. ProFTPD is known for its flexibility and ease of configuration. It’s used in a plethora of environments, particularly where secure file transfers are…
