ProFTPD 1.3.5 Vulnerability Exploitation (CVE-2015-3306)
with Metasploit Framework and Kali Linux
Introduction
In this article, we will delve into a serious issue affecting ProFTPD version 1.3.5, tracked as CVE-2015-3306. We will walk through the technical details of this vulnerability, uncovering its root causes and its potential impacts. Furthermore, we will discuss, step by step, how a malicious person can exploit this vulnerability using the Metasploit Framework in Kali Linux and gain access to the server.
What is ProFTPD?
ProFTPD (short for Pro FTP daemon) is an FTP server. ProFTPD is Free and open-source software, compatible with Unix-like systems and Microsoft Windows (via Cygwin). Along with vsftpd and Pure-FTPd, ProFTPD is among the most popular FTP servers in Unix-like environments today. Compared to those, which focus e.g. on simplicity, speed or security, ProFTPD’s primary design goal is to be a highly feature rich FTP server, exposing a large amount of configuration options to the user. — ProFTPD, Wikipedia
FTP allows users to transfer files between computers over a network. ProFTPD is known for its flexibility and ease of configuration. It’s used in a plethora of environments, particularly where secure file transfers are…