Python RCE exploit for Sendmail with ClamAV-Milter <0.91.2 (CVE-2007-4560). Remote root command injection via SMTP RCPT TO headers.
Python port of the classic Sendmail/ClamAV-Milter remote root exploit originally written in Perl by Eliteboy.
Original exploit: exploit-db.com/exploits/4761
The exploit leverages improper input sanitization in clamav-milter <0.91.2, allowing command injection through specially crafted SMTP RCPT TO headers. Commands execute with root privileges, enabling:
- Modification of /etc/inetd.conf to add a bind shell
- Restart of the inetd service to activate the backdoor
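A defender-side check for the two artefacts described above, as an added example that is not part of the original repository: it flags RCPT TO commands carrying shell metacharacters and inetd.conf entries whose server program is a shell. The function names, the shell list and all sample data are assumptions constructed for this illustration.

```python
import os
import re

# Shell metacharacters: some are legal in an RFC 5321 local part but rare in
# real mail, so a hit is a triage signal, not proof of an attempt.
SHELL_META = re.compile(r"[|;&`$\\]")
SHELLS = {"sh", "bash", "dash", "ksh", "zsh", "csh", "tcsh"}


def suspicious_rcpt(smtp_lines):
    """Return (line_no, recipient) for RCPT TO commands containing shell metacharacters."""
    hits = []
    for no, line in enumerate(smtp_lines, 1):
        verb, sep, rest = line.strip().partition(":")
        if sep and verb.upper().split() == ["RCPT", "TO"] and SHELL_META.search(rest):
            hits.append((no, rest.strip()))
    return hits


def shell_inetd_entries(conf_text):
    """Return (line_no, service, user) for inetd.conf entries whose server program is a shell."""
    hits = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()  # drop comments and disabled entries
        # Field order: service socket_type protocol wait user server_program [args...]
        if len(fields) >= 6 and os.path.basename(fields[5]) in SHELLS:
            hits.append((no, fields[0], fields[4]))
    return hits


# Constructed sample data, not captured from a real host.
SAMPLE_SMTP = [
    "MAIL FROM:<alice@example.com>",
    "RCPT TO:<bob@example.com>",
    "RCPT TO:<bob|placeholder-command@example.com>",
]
SAMPLE_INETD = """\
# constructed inetd.conf
ftp   stream tcp nowait root /usr/sbin/tcpd in.ftpd
1001  stream tcp nowait root /bin/sh sh -i
"""

if __name__ == "__main__":
    for no, rcpt in suspicious_rcpt(SAMPLE_SMTP):
        print(f"smtp line {no}: shell metacharacter in recipient {rcpt!r}")
    for no, svc, user in shell_inetd_entries(SAMPLE_INETD):
        print(f"inetd.conf line {no}: service {svc} runs a shell as {user}")
```

Run the first function over captured SMTP session logs and the second over /etc/inetd.conf on hosts that ran clamav-milter <0.91.2.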
The original Perl exploit works, but this Python port offers significant improvements for modern pentesting workflows:
This Python Port:
- Zero dependencies - Python3 standard library only, no CPAN modules
- Better error handling - Clear, actionable error messages
- Progress indicators - Step-by-step feedback during exploitation
python sendmail_clamav_exploit.py <target_ip>
After successful exploitation:
nc <target_ip> 1001
bash -i
- Sendmail 8.13.4/8.13.4/Debian-3sarge3
- ClamAV-Milter < 0.91.2
- Original exploit: https://www.exploit-db.com/exploits/4761
- CVE: Related to ClamAV-Milter command injection
- Author: strikoder (https://github.com/strikoder)
- Original author: Eliteboy (2007)
