Threads error #7

Open
syrius01 opened this issue Aug 14, 2018 · 3 comments


syrius01 commented Aug 14, 2018

Hi,

First, I would like to thank you for sharing this PoC so we can know if our environment is safe. I tried running the exp.py script but I am getting the following output:

```
please input ip address: 192.168.1.131
[!] testing 0x0
[!] testing 0x100
[!] testing 0x200
[!] testing 0x300
[!] testing 0x400
[!] testing 0x500
[!] testing 0x600
[!] testing 0x700
[!] testing 0x800
[!] testing 0x900
[!] testing 0xa00
[!] testing 0xb00
[!] testing 0xc00
[!] testing 0xd00
[!] testing 0xe00
[!] testing 0xf00
Exception in thread Thread-8:
Traceback (most recent call last):
  File "/usr/lib/python2.7/threading.py", line 810, in __bootstrap_inner
    self.run()
  File "/usr/lib/python2.7/threading.py", line 763, in run
    self.__target(*self.__args, **self.__kwargs)
  File "exp.py", line 96, in brute_force
    res = execute_command(i)
  File "exp.py", line 37, in execute_command
    ehlo(s, "a"*0x20)
  File "exp.py", line 11, in ehlo
    tube.sendline("ehlo "+who)
  File "/usr/local/lib/python2.7/dist-packages/pwnlib/tubes/tube.py", line 726, in sendline
    self.send(line + self.newline)
  File "/usr/local/lib/python2.7/dist-packages/pwnlib/tubes/tube.py", line 707, in send
    self.send_raw(data)
  File "/usr/local/lib/python2.7/dist-packages/pwnlib/tubes/sock.py", line 68, in send_raw
    raise EOFError
EOFError
```

Any help would be very appreciated,

Thanks

@skysider
Owner

@syrius01 If you want to test if your environment is safe, you can run poc.py instead of exp.py because exp.py only tests in my docker environment.


syrius01 commented Aug 16, 2018

Hi skysider, I finally had success with exp.py running under my Kali Linux for pen testing purposes on the LAN. This only works on the docker environment though; I was wondering if you had any idea that could lead me on how to test this exploit on my Debian/Ubuntu environment running an Exim server. Maybe by tweaking the offsets that it is trying to bruteforce?

Thank you for your time

@dellasorte

> Hi skysider, I finally had success with exp.py running under my Kali Linux for pen testing purposes on the LAN. This only works on the docker environment though; I was wondering if you had any idea that could lead me on how to test this exploit on my Debian/Ubuntu environment running an Exim server. Maybe by tweaking the offsets that it is trying to bruteforce?
>
> Thank you for your time

I spent a lot of time getting all the pieces together and here is what I found. There are three similar exploits; each uses its own memory mapping, and each one looks pretty cool: the 1st by skysider, the 2nd by straightblast, and the 3rd by hcamael. The last one is recurring environment. I personally recommend reading the posts by hcamael because there is a lot of interesting information.
P.S. If you figure it out somehow, let me know :)
