Target from: CVE Network
Intermediate, Rootable
CVE-2020-7247 / 0.0.0.0
4: Flags (2:system, env, root)
1: Service
3,600 pts
Level 5 / Junior Securitas
0x1337 / 468th Place
4: Flags found
1: Service discovered
1,850 pts
41 minutes
This is a target running a vulnerable OpenSMTPD instance of CVE-2020-7247.
Description
A vulnerability discovered in OpenSMTPD, OpenBSD's mail server was exploitable since May 2018 (commit a8e222352f, "switch smtpd to new grammar") and allows an attacker to execute arbitrary shell commands, as root
Environment details
The system is accessible at 10.0.100.33 and runs OpenSMTPD on Debian Buster on the default port (25/tcp).
Flags can be found at the usual places:
/root/etc/passwdgecos/etc/shadowpassword hashenvvariable
References
51 Headshots (newer first)
D4rkZone, michyamrane, snipeXZ, mokrates, darklordbnl, falconsec, 44756D6D506C61796572, BlackAnon, luismtzsilva, ks4v3r, Winsad, L0v3, jaxafed, dogolinho, antonioban, noother, markuche, Twelve, 0xRaefM4sk0ff, Grosik, 0x1337, sirEgghead, JDgodd, ElleuchX1, Muzec, wonderchild, R4V3N, hacker, g0rchy, jinake, biba22, Pegasus, rootz, M96oL, vvip1337, Wh04m1, r0b0tG4nG, sn1per, TheCyberGeek, galoget, 0xRar, lMinzarl, PufferOverflow, R4kan, AKMalware, L0n3lyW0lf, x0day, abosaif, hitmanalharbiActivity Stream
Latest activity on the platform
0x1337 Gained access to data stored in environmental variables from CVE-2020-7247 for 350 points, 31 months ago 0x1337 Discovered the ETSCTF username flag under the /etc/shadow file from CVE-2020-7247 for 500 points, 31 months ago 0x1337 Discovered the ETSCTF username gecos flag under the /etc/passwd file from CVE-2020-7247 for 400 points, 31 months ago