Exploit for Web_Vulnerability_Assessment CVE-2011-2523

Name: Exploit for Web_Vulnerability_Assessment CVE-2011-2523
Rating: 5 (10 reviews)
2026-06-08 | CVSS 10.0
## https://sploitus.com/exploit?id=1FA24C6E-2C84-566E-81D6-2C3643042BFB
# 🕸️ Week 03 — Web Vulnerability Assessment & Exploitation

**Intern:** Ali Ahsan | **Roll No:** CSI-B1-427
**Program:** Cyberstar Cybersecurity Red Teaming Internship
**Instructor:** Umar Niaz
**Date:** 26 March 2026
**Target Domain:** hackthissite.org

---

## 📌 Overview

This week focused on discovering hidden web content, mapping services to known CVEs, scanning CMS platforms, and gaining an initial shell through Metasploit — forming a complete web-to-foothold attack chain.

---

## 🧪 Tasks Covered

### Task 01 — Advanced Web Directory & Parameter Discovery

**Directory Brute-Forcing:**
- **FFUF** — `ffuf -u https://hackthissite.org/FUZZ -w common.txt -fc 404`
- **Gobuster** — multi-threaded directory enumeration
- **Dirsearch** — extension-aware directory and file scanning

**Hidden Parameter Discovery:**
- **Arjun** — finds hidden GET/POST parameters
- **ParamSpider** — crawls URLs to extract unique parameters

**Common sensitive paths discovered:** `/admin`, `/config`, `/.git`, `/backup`, `/api`

### Task 02 — CVE Mapping & Exploit Research
- Collected service versions via `nmap -sV`
- Searched exploits with **Searchsploit**: `searchsploit vsftpd 2.3.4`
- Researched **CVE-2011-2523** (vsftpd 2.3.4 backdoor) on NVD and Exploit-DB
- Confirmed public exploit exists → Remote Code Execution possible

### Task 03 — CMS Vulnerability Scanning
**WordPress (WPScan):**
- Set up vulnerable WordPress lab via Docker
- Basic scan, username enumeration, vulnerable plugin detection
- Aggressive plugin detection mode

**Joomla (JoomScan):**
- Docker-based Joomla lab setup
- Component and directory enumeration with Gobuster

### Task 04 — The First Shell (Metasploit Basics)
```bash
use exploit/unix/ftp/vsftpd_234_backdoor
set RHOST 
exploit
```
- Verified shell access: `whoami`, `id`, `uname -a`
- **Bonus:** Reverse shell via Netcat listener on port 4444

---

## 🛠️ Tools Used

`FFUF` · `Gobuster` · `Dirsearch` · `Arjun` · `ParamSpider` · `Searchsploit` · `WPScan` · `JoomScan` · `Metasploit` · `Netcat` · `Docker`

---

## ⚠️ Disclaimer

> Performed in an **authorized lab environment** using intentionally vulnerable applications (OWASP Juice Shop, VulnerableWordPress). For educational purposes only.