For this Ubuntu host, we will be installing a vulnerable version of an FTP server, vsftpd. Version 2.3.4 of this FTP software was found to be backdoored. In this chapter, we will be installing this backdoored version and then will attempt to identify it using a pentesting box we will set up in the next chapter, and finally we will exploit it.

To make things easier, the backdoored version of vsftpd 2.3.4 is archived on GitHub. We shall be using that code base to install the vulnerable software. To start with, we need to clone the git repository:

git clone https://github.com/nikdubois/vsftpd-2.3.4-infected.git

Next, we need to install packages for setting up a primary build environment. To do this, we run the following:

sudo apt-get install build-essential

Now, we cd into the vsftpd folder to build it from source. However, before doing that, we need to make a small change to the Makefile. The -lcrypt value needs to be added as a linker flag:

Once done, save the file and just run make.

If all goes well, we should see a vsftpd binary in the same folder:

Next, we need to set up some prerequisites before installing vsftpd. Namely, we need to add a user called nobody and a folder called empty. To do that, run the following commands:

useradd nobody
mkdir /usr/share/empty

Once done, we can run the installation by executing the following commands:

sudo cp vsftpd /usr/local/sbin/vsftpd
sudo cp vsftpd.8 /usr/local/man/man8
sudo cp vsftpd.conf.5 /usr/local/man/man5
sudo cp vsftpd.conf /etc

With that done, we need to execute the vsftpd binary to confirm whether we can connect to the localhost: 

The next step is to set up anonymous access to the FTP server. To do this, we need to run the following commands:

mkdir /var/ftp/
useradd -d /var/ftp ftp
chown root:root /var/ftp
chmod og-w /var/ftp

Finally, enable local login to the vsftpd server by making the following change to /etc/vsftpd.conf: