Vulnerability & Exploit Database

Back to search

Morris Worm sendmail Debug Mode Shell Escape

This module exploits sendmail's well-known historical debug mode to escape to a shell and execute commands in the SMTP RCPT TO command. This vulnerability was exploited by the Morris worm in 1988-11-02. Cliff Stoll reports on the worm in the epilogue of The Cuckoo's Egg. Currently only cmd/unix/reverse and cmd/unix/generic are supported.

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name

exploit/unix/smtp/morris_sendmail_debug

Authors

  • Robert Tappan Morris
  • Cliff Stoll
  • wvu <wvu [at] metasploit.com>

References

Targets

  • @(#)version.c 5.51 (Berkeley) 5/2/86

Platforms

  • unix

Architectures

  • cmd

Reliability

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/unix/smtp/morris_sendmail_debug msf exploit(morris_sendmail_debug) > show targets ...targets... msf exploit(morris_sendmail_debug) > set TARGET <target-id> msf exploit(morris_sendmail_debug) > show options ...show and set options... msf exploit(morris_sendmail_debug) > exploit