Trouble with Exim Remote Root exploit

[stormeye]

Hi!

Coming back to the scene after being away for quite some time I decided to start up trying this famous remote root exploit for exim <6.7.


I happen to have a server running 6.3 running email server for me and my girlfriend. (You can't imagine the facebookspam she gets...)


Anyway, I tried it out and got stuck here:

Code:

220 perl.*******security.net ESMTP Exim 4.63 Mon, 04 Apr 2011 07:43:29 -0500
250-perl.*******security.net Hello ***.ankfest.org [67.159.31.***]
250-SIZE 20971520
Set size to 20971520 !
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
250 OK
250 Accepted
354 Enter message, ending with "." on a line by itself
Sending large buffer, please wait...
552 Message size exceeds maximum permitted
250 OK

The trojan is the one included in the exploit on exploit-db: http://amber.anonsecurity.net/shell.txt


But it just stucks after "250 OK", does the 552 means that server is not vuln for the exploit?


Thanks in advance.

[Israel213]

But it just stucks after "250 OK", does the 552 means that server is not vuln for the exploit?

First I don't think you would even need an exploit to accomplish what you've just done. Seems you've just connected to port 25 which could've just been done with telnet if that port was already open. Unless your trying to spoof an email containing the trojan via SMTP. First you would have to compile the code from the link you posted if you want it to actually run. But the way you're trying to compose this message is text only! You were cut off because your message exceeds the maximum characters allowed to be used this way. That's why it "stucks" or sticks and doesn't do anything else. But it sounds like you might have been trying to upload the trojan to the target server via SMTP. I don't believe this is possible on port 25. Try another port/protocol.

[stormeye]

Hi!


As the exploit is written in perl I don't think it needs compiling?


I learned that that message I got was due to the server being patched, so now I installed a unpatched version which gave me these messages:

Code:

220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
250-target.anonsecurity.net Hello MYLITTLESERVER.ankfest.org [67.159.31.***]
250-SIZE 52428800
Set size to 52428800 !
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
250 OK
550-MYLITTLESERVER.ankfest.org (abcde.com) [67.159.31.***] is currently not
550-permitted to relay through this server. Perhaps you have not logged into
Sending large buffer, please wait...
myhostname:~#

And about the upload thing, that's what this exploit do, it uploads a trojan to be runned as the rootuser.