# Clam AV

## 80

Found a website with binary code: ![](https://2519178678-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuE2sPgM0QY6KfiTIG8Vs%2Fuploads%2Fgit-blob-76c8f5dc0348f474727ef72ca7ecb1bda59e2d86%2Fb74e343dc4be01b77dd6c35d49f672a0.png?alt=media) ![](https://2519178678-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuE2sPgM0QY6KfiTIG8Vs%2Fuploads%2Fgit-blob-ea8d1035f70c23c8f12f2b9db1b0c4bc7f2a5529%2F5f6c8a1eda77b721e4a4aa8d55f396ed.png?alt=media) Challenge accepted.

## UDP 161

Checking SNMP, we can find the running processes (the OID below is `hrSWRunName`, read here over v1 with the `public` community string):

```bash
snmpwalk -c public -v1 -t 10 192.168.180.42 1.3.6.1.2.1.25.4.2.1.2
```

![](https://2519178678-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuE2sPgM0QY6KfiTIG8Vs%2Fuploads%2Fgit-blob-b3bc377659bf71d8c0c35581d09403d1de3c11d9%2F16c1821c7e1de573375c6df59bf12fd6.png?alt=media)
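To audit what this query discloses about a host you administer, the following added example (not part of the original writeup) parses `snmpwalk` output for `hrSWRunName` and reports which process names are readable with the community string. The watchlist, function names and sample output are assumptions made for illustration.

```python
import re
from collections import Counter

# Matches symbolic and numeric renderings of hrSWRunName rows, e.g.
#   HOST-RESOURCES-MIB::hrSWRunName.3782 = STRING: "clamav-milter"
#   iso.3.6.1.2.1.25.4.2.1.2.3782 = STRING: "clamav-milter"
ROW = re.compile(
    r'^(?:HOST-RESOURCES-MIB::hrSWRunName|(?:iso|\.?1)\.3\.6\.1\.2\.1\.25\.4\.2\.1\.2)'
    r'\.(?P<pid>\d+) = STRING: "?(?P<name>[^"]*)"?\s*$'
)

# Assumption: name prefixes a reviewer treats as network-facing; adjust per site.
WATCHLIST = ("sendmail", "clamav-milter", "clamd", "snmpd", "sshd", "httpd", "apache2")

def parse_hrswrun(text):
    """Return {pid: process_name} for every hrSWRunName row in snmpwalk output."""
    procs = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # skip banners, timeouts and rows from other OIDs
            procs[int(m.group("pid"))] = m.group("name")
    return procs

def exposure_report(text):
    """Summarise the disclosure: row count, per-name counts, watchlist hits."""
    procs = parse_hrswrun(text)
    counts = Counter(procs.values())
    flagged = sorted(n for n in counts if n.startswith(WATCHLIST))
    return {"total": len(procs), "counts": dict(counts), "flagged": flagged}

# Constructed sample output (not taken from the page's screenshot).
SAMPLE = '''\
HOST-RESOURCES-MIB::hrSWRunName.1 = STRING: "init"
HOST-RESOURCES-MIB::hrSWRunName.3700 = STRING: "sendmail-mta"
iso.3.6.1.2.1.25.4.2.1.2.3782 = STRING: "clamav-milter"
iso.3.6.1.2.1.25.4.2.1.2.3790 = STRING: "snmpd"
Timeout: No Response from 192.0.2.10
'''

if __name__ == "__main__":
    report = exposure_report(SAMPLE)
    print(f"{report['total']} process names readable; review: {report['flagged']}")
```

Any non-empty report means the process table is readable with that community string; restricting the agent's view or moving to SNMPv3 with authentication closes the disclosure.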

Now using this exploit for Sendmail and ClamAV: <https://github.com/0x1sac/ClamAV-Milter-Sendmail-0.91.2-Remote-Code-Execution/blob/main/exploit.c>

Testing with ping, we receive packets: ![](https://2519178678-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuE2sPgM0QY6KfiTIG8Vs%2Fuploads%2Fgit-blob-152f90c23cbae6a26c3a4b5dbec7a658c63917a7%2Fa5cf06fafe5ef7c8fa508c27af49d743.png?alt=media)

Now we can use a different exploit to get a shell: <https://www.exploit-db.com/exploits/4761>

```bash
perl 4761.pl 192.168.180.42
```

Then connect to it: ![](https://2519178678-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuE2sPgM0QY6KfiTIG8Vs%2Fuploads%2Fgit-blob-020a2b1fd25c7410b217c57131dd42890fff5f90%2F5e331cfc6d51b8c45f4191dc93bbd2dd.png?alt=media)
