Target from: CVE Network
4: Flags (2:system, env, root
)
1: Service
3,600 pts
0: Flags found
1: Service discovered
100 pts
This is a target running a vulnerable OpenSMTPD instance of CVE-2020-7247.
Description
A vulnerability discovered in OpenSMTPD, OpenBSD's mail server was exploitable since May 2018 (commit a8e222352f, "switch smtpd to new grammar") and allows an attacker to execute arbitrary shell commands, as root
Environment details
The system is accessible at 10.0.100.33
and runs OpenSMTPD on Debian Buster on the default port (25/tcp).
Flags can be found at the usual places:
/root
/etc/passwd
gecos/etc/shadow
password hashenv
variable
References
55 Headshots (newer first)
Activity Stream
Latest activity on the platform