mailing list archives
[Full-disclosure] PIRANA exploitation framework and SMTP contentfilter security
From: Jean-Sébastien Guay-Leroux <jean-sebastien () guay-leroux com>
Date: Mon, 3 Apr 2006 19:45:25 -0400
I am releasing the first public version of PIRANA.
PIRANA is an exploitation framework that tests the security of a email
content filter. By means of a vulnerability database, the content
filter to be tested will be bombarded by various emails containing a
malicious payload intended to compromise the computing platform.
PIRANA's goal is to test whether or not any vulnerability exists on the
content filtering platform.
The tool is a PERL program, which builds email and attaches malicious
payloads generated by various exploitation codes, then sends it to the
target. Several techniques were developed to improve reliability and
add discretion. The tool is modular and it is possible to add support
for new vulnerabilities that could emerge in the future.
Right now, 5 exploitation modules are available to test your content
filter with. They are:
1- LHA get_header File Name Overflow (OSVDB #5753)
2- LHA get_header Directory Name Overflow (OSVDB #5754)
3- file readelf.c tryelf() ELF Header Overflow (OSVDB #6456)
4- unarj Filename Handling Overflow (OSVDB #11695)
5- ZOO combine File and Dir name overflow (OSVDB #23460)
PIRANA uses metasploit's shellcode generator to build its shellcodes.
It also uses MIME::Lite to send the emails.
A whitepaper was published that explains what are the vulnerabilities of
a SMTP content filter. It also shows what techniques were used in
PIRANA to improve reliability and stealthness.
You can get PIRANA here:
You can get the whitepaper here:
I hope that you will like it :-)
jean-sebastien at guay-leroux dot com
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- [Full-disclosure] PIRANA exploitation framework and SMTP contentfilter security Jean-Sébastien Guay-Leroux (Apr 05)