Hi, I am releasing the first public version of PIRANA. PIRANA is an exploitation framework that tests the security of a email content filter. By means of a vulnerability database, the content filter to be tested will be bombarded by various emails containing a malicious payload intended to compromise the computing platform. PIRANA's goal is to test whether or not any vulnerability exists on the content filtering platform. The tool is a PERL program, which builds email and attaches malicious payloads generated by various exploitation codes, then sends it to the target. Several techniques were developed to improve reliability and add discretion. The tool is modular and it is possible to add support for new vulnerabilities that could emerge in the future. Right now, 5 exploitation modules are available to test your content filter with. They are: 1- LHA get_header File Name Overflow (OSVDB #5753) 2- LHA get_header Directory Name Overflow (OSVDB #5754) 3- file readelf.c tryelf() ELF Header Overflow (OSVDB #6456) 4- unarj Filename Handling Overflow (OSVDB #11695) 5- ZOO combine File and Dir name overflow (OSVDB #23460) PIRANA uses metasploit's shellcode generator to build its shellcodes. It also uses MIME::Lite to send the emails. A whitepaper was published that explains what are the vulnerabilities of a SMTP content filter. It also shows what techniques were used in PIRANA to improve reliability and stealthness. You can get PIRANA here: http://www.guay-leroux.com/projects/pirana-0.2.1.tar.gz You can get the whitepaper here: http://www.guay-leroux.com/projects/SMTP%20content%20filters.pdf I hope that you will like it :-) -- Jean-Sébastien Guay-Leroux jean-sebastien at guay-leroux dot com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
