AOH :: HP Unsorted P :: B06-1416.HTM

Pirana exploitation framework and smtp contentfilter security
PIRANA exploitation framework and SMTP contentfilter security
PIRANA exploitation framework and SMTP contentfilter security


I am releasing the first public version of PIRANA.

PIRANA is an exploitation framework that tests the security of a email
content filter.  By means of a vulnerability database, the content
filter to be tested will be bombarded by various emails containing a
malicious payload intended to compromise the computing platform.
PIRANA's goal is to test whether or not any vulnerability exists on the
content filtering platform.

The tool is a PERL program, which builds email and attaches malicious
payloads generated by various exploitation codes, then sends it to the
target.  Several techniques were developed to improve reliability and
add discretion.  The tool is modular and it is possible to add support
for new vulnerabilities that could emerge in the future.

Right now, 5 exploitation modules are available to test your content
filter with.  They are:

1- LHA get_header File Name Overflow (OSVDB #5753)
2- LHA get_header Directory Name Overflow (OSVDB #5754)
3- file readelf.c tryelf() ELF Header Overflow (OSVDB #6456)
4- unarj Filename Handling Overflow (OSVDB #11695)
5- ZOO combine File and Dir name overflow (OSVDB #23460)

PIRANA uses metasploit's shellcode generator to build its shellcodes.
It also uses MIME::Lite to send the emails.

A whitepaper was published that explains what are the vulnerabilities of
a SMTP content filter.  It also shows what techniques were used in
PIRANA to improve reliability and stealthness.

You can get PIRANA here: 

You can get the whitepaper here: 

I hope that you will like it :-)

Jean-S=E9bastien Guay-Leroux
jean-sebastien at guay-leroux dot com

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - 

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH
We do not send spam. If you have received spam bearing an email address, please forward it with full headers to