Trouble with Exim Remote Root exploit
Hi!
Coming back to the scene after being away for quite some time, I decided to start up trying this famous remote root exploit for exim <6.7.
I happen to have a server running 6.3 as the email server for me and my girlfriend. (You can't imagine the Facebook spam she gets...)
Anyway, I tried it out and got stuck here:
Code:
220 perl.*******security.net ESMTP Exim 4.63 Mon, 04 Apr 2011 07:43:29 -0500
250-perl.*******security.net Hello ***.ankfest.org [67.159.31.***]
250-SIZE 20971520
Set size to 20971520 !
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
250 OK
250 Accepted
354 Enter message, ending with "." on a line by itself
Sending large buffer, please wait...
552 Message size exceeds maximum permitted
250 OK
The trojan is the one included in the exploit on exploit-db: http://amber.anonsecurity.net/shell.txt
But it just stucks after "250 OK", does the 552 mean that the server is not vuln for the exploit?
Thanks in advance.
Re: Trouble with Exim Remote Root exploit
Quote:
But it just stucks after "250 OK", does the 552 mean that the server is not vuln for the exploit?
First, I don't think you would even need an exploit to accomplish what you've just done. It seems you've just connected to port 25, which could've just been done with telnet if that port was already open. Unless you're trying to spoof an email containing the trojan via SMTP. First you would have to compile the code from the link you posted if you want it to actually run. But the way you're trying to compose this message is text only! You were cut off because your message exceeds the maximum characters allowed to be used this way. That's why it "stucks" or sticks and doesn't do anything else. But it sounds like you might have been trying to upload the trojan to the target server via SMTP. I don't believe this is possible on port 25. Try another port/protocol.
Re: Trouble with Exim Remote Root exploit
Hi!
As the exploit is written in perl I don't think it needs compiling?
I learned that the message I got was due to the server being patched, so now I installed an unpatched version which gave me these messages:
Code:
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
250-target.anonsecurity.net Hello MYLITTLESERVER.ankfest.org [67.159.31.***]
250-SIZE 52428800
Set size to 52428800 !
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
250 OK
550-MYLITTLESERVER.ankfest.org (abcde.com) [67.159.31.***] is currently not
550-permitted to relay through this server. Perhaps you have not logged into
Sending large buffer, please wait...
myhostname:~#
And about the upload thing, that's what this exploit does: it uploads a trojan to be run as the root user. :)