This repository contains a Proof-of-Concept (PoC) script to exploit the Exim vulnerability CVE-2024-39929. The vulnerability affects Exim versions up to and including 4.97.1, allowing attackers to bypass file extension blocking mechanisms and potentially deliver executable attachments to users’ mailboxes.
The PoC script in this repository reads a list of SMTP servers from an external file and sends an email with a crafted attachment designed to exploit CVE-2024-39929. The script dynamically sets the email subject to indicate the server through which the email was passed.
Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users.
The script performs the following actions:
- Reads the list of SMTP servers from the specified file.
- Prompts the user for sender and recipient email addresses.
- Connects to each SMTP server on port 25.
- Sends an email with a crafted attachment designed to exploit CVE-2024-39929.
- Sets the email subject to indicate the server used for sending the email.
- Prints debug information and handles exceptions.
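For mail administrators, the parsing issue described above suggests checking attachments on the fully reassembled RFC 2231 filename rather than on a single header segment. The following is an added example, not code from this repository: it uses Python's standard `email` parser, and the blocklist, the `audit_attachments` function and the sample message are assumptions made for illustration (the sample is a plain standards-form continuation header, not the PoC's attachment).

```python
import email
import re
from pathlib import PurePosixPath

# Assumed site policy (illustrative): extensions the mail filter should block.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat"}

# RFC 2231 continuation on the filename parameter: filename*0=, filename*1*=, ...
CONTINUATION = re.compile(r"filename\*\d+\*?\s*=", re.IGNORECASE)

# Constructed sample message; the first attachment splits its name across
# two continuation segments on folded header lines.
SAMPLE = """\
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment;
 filename*0="invoice";
 filename*1=".exe"

AAAA
--b1
Content-Disposition: attachment; filename="notes.txt"

hello
--b1--
"""

def audit_attachments(raw_message):
    """Return one finding per named attachment, judged on the reassembled name."""
    findings = []
    for part in email.message_from_string(raw_message).walk():
        disposition = str(part.get("Content-Disposition", ""))
        # get_filename() joins RFC 2231 continuation segments before returning.
        name = part.get_filename()
        if not disposition or not name:
            continue
        # Ignore trailing dots and spaces so "a.exe." is still judged as .exe.
        suffix = PurePosixPath(name.strip().rstrip(". ")).suffix.lower()
        findings.append({
            "filename": name,
            "continuation": bool(CONTINUATION.search(disposition)),
            "blocked": suffix in BLOCKED_EXTENSIONS,
        })
    return findings
```

Run over stored or quarantined messages, the `continuation` flag also highlights mail that a server running Exim 4.97.1 or earlier may have evaluated on an incomplete filename.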
Important Considerations
- Ethical Use: Ensure you have permission to test these servers for vulnerabilities. Unauthorized testing can be illegal and unethical.
- Monitoring: Monitor the responses and behaviors of the servers to determine if the exploit was successful.
Disclaimer
This tool is intended for educational purposes and authorized testing only. The authors are not responsible for any misuse of this tool.