Hi list,

I noticed the smtp_deliver.rb and smtp.rb exploit handler does not adhere to the RFC (http://www.ietf.org/rfc/rfc0821.txt). When using an RFC-enforcing proxy to send email client exploits, the message is rejected solely based on RFC compliance. Two issues:

1) The RCPT TO and MAIL FROM should have <> for RFC.
2) The HELO/EHLO Rex::Text.rand_text... is not a real domain, so it is rejected. Additionally, some proxies require the domain to be realistic based on DNS/MX etc.

What are your thoughts? I'd change it but need to be careful not to break others' modules [1]. A simple change may be to set the datastore MAILFROM/MAILTO to include the <> as a string.

[1] My unix\smtp\clamav_milter_blackhole.rb module will break if the handler is changed, but it's a simple fix.

-Patrick

Index: smtp_deliver.rb
===================================================================
--- smtp_deliver.rb (revision 5847)
+++ smtp_deliver.rb (working copy)
@@ -39,13 +39,13 @@
 print_status("SMTP: #{res.strip}")
-res = raw_send_recv("EHLO #{Rex::Text.rand_text_alpha(rand(32)+1)}\r\n", msock)
+res = raw_send_recv("EHLO example.com\r\n", msock)
 print_status("SMTP: #{res.strip}")
-res = raw_send_recv("MAIL FROM: #{datastore['MAILFROM']}\r\n", msock)
+res = raw_send_recv("MAIL FROM: <#{datastore['MAILFROM']}>\r\n", msock)
 print_status("SMTP: #{res.strip}")
-res = raw_send_recv("RCPT TO: #{datastore['MAILTO']}\r\n", msock)
+res = raw_send_recv("RCPT TO: <#{datastore['MAILTO']}>\r\n", msock)
 print_status("SMTP: #{res.strip}")
 print_status("Sending the message (#{data.length} bytes)...")

_______________________________________________
Framework-Hackers mailing list
Framework-Hackers@spool.metasploit.com
http://spool.metasploit.com/mailman/listinfo/framework-hackers
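Review bot: the new `MAIL FROM: <...>` and `RCPT TO: <...>` lines still keep a space between the colon and the angle bracket, which is itself outside the RFC 821 syntax (`MAIL FROM:<reverse-path>`, no space after the colon), so a proxy strict enough to demand the brackets may still reject the command; suggest `"MAIL FROM:<#{datastore['MAILFROM']}>\r\n"` and `"RCPT TO:<#{datastore['MAILTO']}>\r\n"`. Wrapping unconditionally also produces doubled brackets for any module that already sets MAILFROM/MAILTO as `<user@host>`, which is exactly the breakage the footnote predicts for clamav_milter_blackhole.rb; stripping any leading `<` and trailing `>` from the datastore value before wrapping would keep those modules working without a coordinated change. On the EHLO line, replacing the random string with a hardcoded `example.com` literal trades one arbitrary name for another; a datastore option for the HELO/EHLO name, with example.com as the default, would let operators set it per environment instead of editing the mixin.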