Results 1 to 3 of 3

Thread: Trouble with Exim Remote Root exploit

Hybrid View

  1. #1
    Just burned his ISO
    Join Date
    Nov 2010
    Posts
    7

    Default Trouble with Exim Remote Root exploit

    Hi!

    Coming back to the scene after being away for quite some time I decided to start up trying this famous remote root exploit for exim <6.7.


    I happen to have a server running 6.3 running email server for me and my girlfriend. (You can't imagine the facebookspam she gets...)


    Anyway, I tried it out and got stuck here:

    Code:
    220 perl.*******security.net ESMTP Exim 4.63 Mon, 04 Apr 2011 07:43:29 -0500
    250-perl.*******security.net Hello ***.ankfest.org [67.159.31.***]
    250-SIZE 20971520
    Set size to 20971520 !
    250-8BITMIME
    250-PIPELINING
    250-AUTH PLAIN LOGIN
    250-STARTTLS
    250 HELP
    250 OK
    250 Accepted
    354 Enter message, ending with "." on a line by itself
    Sending large buffer, please wait...
    552 Message size exceeds maximum permitted
    250 OK
    The trojan is the one included in the exploit on exploit-db: http://amber.anonsecurity.net/shell.txt


    But it just stucks after "250 OK", does the 552 means that server is not vuln for the exploit?


    Thanks in advance.

  2. #2
    Member Israel213's Avatar
    Join Date
    Apr 2008
    Posts
    65

    Default Re: Trouble with Exim Remote Root exploit

    But it just stucks after "250 OK", does the 552 means that server is not vuln for the exploit?
    First I don't think you would even need an exploit to accomplish what you've just done. Seems you've just connected to port 25 which could've just been done with telnet if that port was already open. Unless your trying to spoof an email containing the trojan via SMTP. First you would have to compile the code from the link you posted if you want it to actually run. But the way you're trying to compose this message is text only! You were cut off because your message exceeds the maximum characters allowed to be used this way. That's why it "stucks" or sticks and doesn't do anything else. But it sounds like you might have been trying to upload the trojan to the target server via SMTP. I don't believe this is possible on port 25. Try another port/protocol.

  3. #3
    Just burned his ISO
    Join Date
    Nov 2010
    Posts
    7

    Default Re: Trouble with Exim Remote Root exploit

    Hi!


    As the exploit is written in perl I don't think it needs compiling?


    I learned that that message I got was due to the server being patched, so now I installed a unpatched version which gave me these messages:

    Code:
    220-We do not authorize the use of this system to transport unsolicited,
    220 and/or bulk e-mail.
    250-target.anonsecurity.net Hello MYLITTLESERVER.ankfest.org [67.159.31.***]
    250-SIZE 52428800
    Set size to 52428800 !
    250-PIPELINING
    250-AUTH PLAIN LOGIN
    250-STARTTLS
    250 HELP
    250 OK
    550-MYLITTLESERVER.ankfest.org (abcde.com) [67.159.31.***] is currently not
    550-permitted to relay through this server. Perhaps you have not logged into
    Sending large buffer, please wait...
    myhostname:~#

    And about the upload thing, that's what this exploit do, it uploads a trojan to be runned as the rootuser.

Similar Threads

  1. remote exploit
    By leohacker in forum OLD Newbie Area
    Replies: 1
    Last Post: 11-03-2009, 01:49 PM
  2. dd-wrt Remote Root Vuln
    By thorin in forum OLD General IT Discussion
    Replies: 6
    Last Post: 07-29-2009, 05:49 PM
  3. Remote root from ftp
    By jackabee in forum OLD Pentesting
    Replies: 6
    Last Post: 06-23-2008, 09:39 AM
  4. remote exploit bug
    By vreezver in forum OLD Pentesting
    Replies: 14
    Last Post: 10-20-2007, 06:45 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •