ClamAV is a machine available in the Practice area of the Offensive Security Proving Grounds. The box is rated easy. Let's dive in and take a look.
- ClamAV can be found in the apt repository. Run this command to install ClamAV: apt-get install clamav. If you need clamd, you may also want to run: apt-get install clamav-daemon. For the stable release, the packages are updated via the StableUpdates mechanism.
- The clamav-daemon package creates a 'clamav' user; to allow ClamAV to scan system files, such as your mail spool, add the clamav user to the group that owns those files.
Starting with an nmap scan that enables all scripts, detects versions, and writes every output format to files whose names start with the string "simple".
Install and Configure ClamAV for macOS: To enable malware scanning with an Acunetix installation on macOS, you first need to install ClamAV. Since there is no native macOS build of ClamAV, we first need to install a mechanism to package ClamAV.
Using the nmap results and a quick search based on the name of the box, we see a few possible exploits.
From the list of "clamav" exploits we see one that targets SMTP, which we know is open from the nmap scan.
Let's take a look at the Perl script.
So it looks like the exploit opens a new port, 31337, and runs sh as root. Let's take a look at the current status of that port.
Port 31337 is closed, as expected. Running the exploit.
No errors on execution, and the message looks to have been accepted for delivery. Looking back at the port, it's now open!
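From the defender's side, the tell-tale artifact in this walkthrough is a listening port that appears on the host between two scans. The following is an added example, not part of the original write-up: it parses nmap's XML output (the -oX format that "all formats" above includes), diffs the open ports of two scans, and flags any listener outside an allowlist. The two XML documents are constructed samples and the host address 192.0.2.10 is a placeholder; only the port numbers come from the page.

```python
import xml.etree.ElementTree as ET

# Constructed sample of nmap -oX output before the change: SSH and SMTP open, 31337 closed.
SCAN_BEFORE = """<?xml version="1.0"?>
<nmaprun>
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="25"><state state="open"/><service name="smtp"/></port>
      <port protocol="tcp" portid="31337"><state state="closed"/></port>
    </ports>
  </host>
</nmaprun>"""

# Constructed sample of a later scan of the same host: 31337 has become open.
SCAN_AFTER = """<?xml version="1.0"?>
<nmaprun>
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="25"><state state="open"/><service name="smtp"/></port>
      <port protocol="tcp" portid="31337"><state state="open"/></port>
    </ports>
  </host>
</nmaprun>"""

# Ports we expect to be listening on this host (hypothetical allowlist for the example).
EXPECTED = {("tcp", 22), ("tcp", 25)}


def open_ports(xml_text):
    """Return {address: {(protocol, port), ...}} for every open port in an nmap XML report."""
    root = ET.fromstring(xml_text)
    result = {}
    for host in root.iter("host"):
        addr = host.find("address").get("addr")
        ports = set()
        for port in host.iter("port"):
            state = port.find("state")
            if state is not None and state.get("state") == "open":
                ports.add((port.get("protocol"), int(port.get("portid"))))
        result[addr] = ports
    return result


def new_listeners(before_xml, after_xml):
    """Ports open in the later scan that were not open in the earlier one, per host."""
    before = open_ports(before_xml)
    after = open_ports(after_xml)
    diff = {}
    for addr, ports in after.items():
        added = ports - before.get(addr, set())
        if added:
            diff[addr] = added
    return diff


def unexpected_listeners(xml_text, expected):
    """Open ports not covered by the allowlist, per host. Empty dict means nothing to chase."""
    flagged = {}
    for addr, ports in open_ports(xml_text).items():
        extra = ports - expected
        if extra:
            flagged[addr] = extra
    return flagged


if __name__ == "__main__":
    for addr, ports in new_listeners(SCAN_BEFORE, SCAN_AFTER).items():
        for proto, port in sorted(ports):
            print(f"{addr}: new listener {proto}/{port}")
    for addr, ports in unexpected_listeners(SCAN_AFTER, EXPECTED).items():
        for proto, port in sorted(ports):
            print(f"{addr}: {proto}/{port} is not on the allowlist")
```

Run the same two functions over scheduled scans of your own hosts and alert on any non-empty result; a shell bound to an unplanned high port is exactly what the diff surfaces.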
Netcat to the port.
Wow, root immediately.
Run "bash -i" to upgrade the shell just a bit. Navigate to the root desktop to grab proof.txt.
ClamAV is a fun one, but the machine name gave the attacker a huge advantage. The Offensive Security community says that ClamAV is a retired OSCP exam box, so it was good practice if nothing else. Until next time, stay safe in the Trenches of IT!