Description
This module exploits a shellshock vulnerability on Qmail, a public domain MTA written in C that runs on Unix systems. Due to the lack of validation on the MAIL FROM field, it is possible to execute shell code on a system with a vulnerable BASH (Shellshock). This flaw works on the latest Qmail versions (qmail-1.03 and netqmail-1.06). However, in order to execute code, /bin/sh has to be linked to bash (usually default configuration) and a valid recipient must be set on the RCPT TO field (usually [email protected]). The exploit does not work on the "qmailrocks" community version as it ensures the MAILFROM field is well-formed.
Module options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use exploit/unix/smtp/qmail_bash_env_execmsf undefined(qmail_bash_env_exec) > show actions ...actions...msf undefined(qmail_bash_env_exec) > set ACTION < action-name >msf undefined(qmail_bash_env_exec) > show options ...show and set options...msf undefined(qmail_bash_env_exec) > runPrioritise with Active Threat Intelligence
With curated Threat Intelligence, you can see which vulnerabilities truly put you at risk, prioritize what matters most, and act before attackers do.
Explore Intelligence Hub